Thanks guys, now I know what I must do :)


Chris Shiflett wrote:
> Stut wrote:
>   
>> You could put a hash value into a hidden field on the form, and
>> also store it in the session. When the form is submitted only
>> accept it if the hashes match.
>>
>> However, this is very easy to get around, so I suggest you
>> consider why you think you need this level of checking. Assuming
>> you're properly validating and escaping all input coming from
>> outside the app, IMHO this type of "security" should not be needed.
>>     
>
> It can be useful when you want to verify intent, which is an important
> consideration these days:
>
> http://shiflett.org/articles/cross-site-request-forgeries
>
> (I have an update that I need to publish, but this should be enough to
> explain the potential problems this technique can help prevent.)
>
> Chris
>
>   

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
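
The hidden-field check Stut describes, which Chris points to as a way to verify intent, sketched in PHP as an added example that is not code from the thread. The function names and the `form_token` field name are assumptions, and a plain array stands in for `$_SESSION` so it runs from the command line.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'form_token' field name are hypothetical.

function issue_form_token(array &$session): string
{
    // Unpredictable value from the OS CSPRNG, remembered server-side.
    $token = bin2hex(random_bytes(32));
    $session['form_token'] = $token;
    return $token;
}

function render_form(string $token): string
{
    $safe = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return '<form method="post">'
         . '<input type="hidden" name="form_token" value="' . $safe . '">'
         . '<input type="submit" value="Send"></form>';
}

function is_valid_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    $supplied = $post['form_token'] ?? null;
    // Single use: drop the stored token whether or not the check passes.
    unset($session['form_token']);
    if (!is_string($expected) || !is_string($supplied)) {
        return false;
    }
    // Constant-time comparison of the session copy and the submitted copy.
    return hash_equals($expected, $supplied);
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = [];
$token = issue_form_token($session);
echo render_form($token), PHP_EOL;

// Case 1: the field value that was rendered into the form comes back.
var_dump(is_valid_form_token($session, ['form_token' => $token]));

// Case 2: the same submission replayed after the token was consumed.
var_dump(is_valid_form_token($session, ['form_token' => $token]));

// Case 3: a fresh token is issued, but the request carries no field at all.
issue_form_token($session);
var_dump(is_valid_form_token($session, []));
```

In a web application, call `session_start()` first and pass `$_SESSION` and `$_POST` in place of the arrays.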
