My boss wants to combine the previously build security, that we have within a notes Domino server, with a few pages that we run on PHP.
As I've tried to use PHP to talk to a notes database, and failed I've decided that the easiest option is to: 1. Add a link on the notes site to the PHP site. 2. On the first PHP page, do a check (if ($HTTP_REFERER =='http://notessite') {$_SESSION[loggedin] = true;}) 3. Simply check for the session named logged in. So I'm worried that while ths will work, it's a bit flimsy. Can a user overwrite the $HTTP_REFERER? Any other clever ideas to enable what I'm after? Cheers, Tris... ********************************************************************* The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. *********************************************************************** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
