[PHP-WIN] cookies and sessions...
what is the difference between cookies, sessions and sessioncookies? I use sessions only when I design websites and it works great. But sometimes when I check the statistics for my sites the visiting paths ends with a PHPSID, but most of the time they don't. when does one occur and when does the other? thanks... .bobo -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
php-windows Digest 8 Dec 2003 19:04:04 -0000 Issue 2032
php-windows Digest 8 Dec 2003 19:04:04 - Issue 2032 Topics (messages 22332 through 22333): Re: PHP_OpenSSL help needed 22332 by: Eric COLINET cookies and sessions... 22333 by: Bobo Wieland Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] -- --- Begin Message --- Hi, Yes and put an other library in system32: ssleay32.dll >My guess is that I must initialize SSL somehow so that it has the public >key for our CAS server ... but I can't find where to do that yet. Maybe, but not at startup time. Most likely when you make the communication. Eric At 09:03 07/12/2003, Seung Hwan Kang wrote: You need to install openssl.cnf. Please look at c:\php\openssl\REAMME-SSL.txt (php 5.00b2). Ralph Nicovich wrote: I am trying to bring up CAS authentication on our server that runs PHP. I have some example code, that 'mostly' works... but it requires that PHP use HTTPS to verify the users 'ticket' with our CAS server. I cannot find any good doc's on how to bring up php_openssl.dll. I un-comment the extention and put the libeay file in the system32 directory. But everytime the page is accessed (by a user) our PHP server gets an error that it cannot open the php_openssl extention... I have opend all access rights (on my test server) to the point where rights should not be the problem. My guess is that I must initialize SSL somehow so that it has the public key for our CAS server ... but I can't find where to do that yet. Any Help out there on SSL? -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- End Message --- --- Begin Message --- what is the difference between cookies, sessions and sessioncookies? I use sessions only when I design websites and it works great. But sometimes when I check the statistics for my sites the visiting paths ends with a PHPSID, but most of the time they don't. when does one occur and when does the other? thanks... .bobo --- End Message ---
RE: [PHP-WIN] md5 password with javascirpt
Maybe I'm missing something fairly fundamental, but I don't see how simply sending an encoded password increases the security for a single site scenario. Surely a hacker just has to capture the encoded password and submit that? ( I can understand how it prevents the disclosure of the original plaintext password which might also be valid at other sites which do not utilise encoding and so prevents gaining access to several sites. I also understand how it avoids the need to store plaintext passwords in a validation database. ) Isn't SSL the only secure transport for any sensitive data? Waiting to be corrected ... Regards, Roy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 05 December 2003 12:07 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [PHP-WIN] md5 password with javascirpt Try this site: http://pajhome.org.uk/ for the MD5.js file. Lots of security tips and tricks. -Original Message- From: Exiang [mailto:[EMAIL PROTECTED] Sent: 05 December 2003 08:39 To: [EMAIL PROTECTED] Subject: [PHP-WIN] md5 password with javascirpt Hi, question: how to encode a password in client side with javascipt.. thanx. regards, exiang -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-WIN] md5 password with javascirpt
I wondered this too. We used IIS to limit acess to specific IP block of users, along with client and even server side encoding but even that can be compromised. I think any form of security needs to be looked at closely...them there hackers are a tricky bunch...and they don't share the same deadlines us application engineers do. ROn >From: Roy Henderson >To: [EMAIL PROTECTED] >Sent: 12/08/2003 2:49 PM >Maybe I'm missing something fairly fundamental, but I don't see how simply >sending an encoded password increases the security for a single site >scenario. > >Surely a hacker just has to capture the encoded password and submit that? > >( I can understand how it prevents the disclosure of the original plaintext >password which might also be valid at other sites which do not utilise >encoding and so prevents gaining access to several sites. I also understand >how it avoids the need to store plaintext passwords in a validation >database. ) > >Isn't SSL the only secure transport for any sensitive data? > >Waiting to be corrected ... > >Regards, > >Roy > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: 05 December 2003 12:07 >To: [EMAIL PROTECTED]; [EMAIL PROTECTED] >Subject: RE: [PHP-WIN] md5 password with javascirpt > >Try this site: http://pajhome.org.uk/ for the MD5.js file. > >Lots of security tips and tricks. > >-Original Message- >From: Exiang [mailto:[EMAIL PROTECTED] >Sent: 05 December 2003 08:39 >To: [EMAIL PROTECTED] >Subject: [PHP-WIN] md5 password with javascirpt > > >Hi, >question: how to encode a password in client side with javascipt.. > >thanx. > >regards, >exiang > >-- >PHP Windows Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > >-- >PHP Windows Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-WIN] ODBC/MSSQL Connect function
I use the below function string to connect to the database. mssql_connect($_SESSION["hostname"],$_SESSION["user"],$_SESSION["password"]) now if i want to connect using the odbc_connect function do i have to change all my mssql_fetch_array and mssql_query functions too. Please help Thanks Regards, Harpreet Kaur -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-WIN] Re: ODBC/MSSQL Connect function
Harpreet wrote: I use the below function string to connect to the database. mssql_connect($_SESSION["hostname"],$_SESSION["user"],$_SESSION["password"]) now if i want to connect using the odbc_connect function do i have to change all my mssql_fetch_array and mssql_query functions too. Please help Thanks Regards, Harpreet Kaur Yes, that's the way that the database functions work, unfortunately. However, there is a solution. If you use a database abstraction class, you can use the same code for many types of databases. One such is PEAR's DB. (http://pear.php.net/package/DB). You could also use PEAR's MDB and the ADODB PHP package. -- paperCrane -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-WIN] Setting Cookie problem
Hello, [Using Apache 2.0.47 with PHP 4.3 with IE.6(allowing cookies)] I have made previous php pages so just to confirm that the configuration for php IS working :) I created the page(below) from a tutorial for setting cookies. But the cookie itself doesn't get stored(as I have debuged in the code) I have also used a program called tcpTrace(http://www.pocketsoap.com/tcptrace/) which outputs the sent/received message (including HTTP headers) and this doesn't show the 'Cookie:blah=blah' attribute when accessing the page below either. Any suggestions/experience on the annoying problem would be much appreciated! Cheers, Mike. This is code of 'cookies.php': Cookie test script // for debug //nothing appears Type value: __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-WIN] php.ini
Does anyone know why the ASPI module is not reading php.ini under windows 2000 server? its in c:\winnt\php.ini settings are at www.ixon.co.nz/phpinfo.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-WIN] php.ini
Hi, The php.ini file ies read on startup. If you make changes to the ini file after the web server was started, you need to restart the web server to get the latest ini settings. - Frank > Does anyone know why the ASPI module is not reading php.ini under windows > 2000 server? its in c:\winnt\php.ini > > settings are at www.ixon.co.nz/phpinfo.php > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
