Ezra Nugroho wrote:
Here is one security measure that you HAVE to do if you allow people to submit contents to your site.1. track client's IP. 2. Associate sensitive cookies with the IP, if they don't match, ignore it or invalidate the cookie.
If by "HAVE to" you mean "MUST NEVER," then I agree. :-) Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
