[PHP] WINDOW/OFFICE ����Ѻ���� - �Ѻ�ӹ� ���� � ��Թ��ǹ�ѹ�� �ѹ
2006-06-17
Thread
WINDOW/OFFICE ����Ѻ���� - �Ѻ�ӹ� ���� � ��Թ��ǹ�ѹ�� �ѹ��
WINDOW/OFFICE à ÃÃÃú«Ãéà - Ãú¨Ã¹à §èÃà æ à §Ã¹´èù·Ã¹·à ·Ã¹ã¨ ¢Ãöá Licensed Windows XP Pro, win 98, 98 se, Office XP Small, Office XP Professional, Office Pro 2003 ¶Ã¡Ãá ¢Ã§á·éá¹è¹Ã¹ 100 % µÃ´µèà Paisarn 06-5881135 - Win
[PHP] WINDOW/OFFICE ����Ѻ���� - �Ѻ�ӹ� ���� � ��Թ��ǹ�ѹ�� �ѹ
2006-06-17
Thread
WINDOW/OFFICE ����Ѻ���� - �Ѻ�ӹ� ���� � ��Թ��ǹ�ѹ�� �ѹ��
WINDOW/OFFICE à ÃÃÃú«Ãéà - Ãú¨Ã¹à §èÃà æ à §Ã¹´èù·Ã¹·à ·Ã¹ã¨ ¢Ãöá Licensed Windows XP Pro, win 98, 98 se, Office XP Small, Office XP Professional, Office Pro 2003 ¶Ã¡Ãá ¢Ã§á·éá¹è¹Ã¹ 100 % µÃ´µèà Paisarn 06-5881135 - Win
Re: [PHP] GET, POST, REQUEST
I don't think that using request over post adds anything in the way of security, at the most it's going to delay an attacker for up to a minute. I advocate using request if it's convenient, it can also open a few nice tricks for advanced users. Using request allows me to bookmark a login page, so
[PHP] WINDOW/OFFICE ����Ѻ���� - �Ѻ�ӹ� ���� � ��Թ��ǹ�ѹ�� �ѹ
2006-06-17
Thread
WINDOW/OFFICE ����Ѻ���� - �Ѻ�ӹ� ���� � ��Թ��ǹ�ѹ�� �ѹ��
WINDOW/OFFICE à ÃÃÃú«Ãéà - Ãú¨Ã¹à §èÃà æ à §Ã¹´èù·Ã¹·à ·Ã¹ã¨ ¢Ãöá Licensed Windows XP Pro, win 98, 98 se, Office XP Small, Office XP Professional, Office Pro 2003 ¶Ã¡Ãá ¢Ã§á·éá¹è¹Ã¹ 100 % µÃ´µèà Paisarn 06-5881135 - Win
Re: [PHP] GET, POST, REQUEST
Hello, on 06/17/2006 08:35 PM Rory Browne said the following: >> So, a secure application always has to validate values from client side >> originated variables, independently if the values were retrieved from >> $_GET, $_POST, $_COOKIE or $_REQUEST . > > > You should always validate ALL externa
Re: [PHP] GET, POST, REQUEST
So, a secure application always has to validate values from client side originated variables, independently if the values were retrieved from $_GET, $_POST, $_COOKIE or $_REQUEST . You should always validate ALL external variables. As for server side originated variables, these do not need to
Re: [PHP] GET, POST, REQUEST
On 6/18/06, Ben Ramsey <[EMAIL PROTECTED]> wrote: On 6/17/06 5:34 PM, Satyam wrote: > Your application might require that flexibility or accepting data via > POST or GET, in which case, it is just fine. Contrary to another post > I've read, there is nothing good of register_globals, that is wh
Re: [PHP] GET, POST, REQUEST
on 06/17/2006 07:10 PM Ben Ramsey said the following: > On 6/17/06 5:34 PM, Satyam wrote: >> Your application might require that flexibility or accepting data via >> POST or GET, in which case, it is just fine. Contrary to another >> post I've read, there is nothing good of register_globals, that
Re: [PHP] GET, POST, REQUEST
On 6/17/06 5:34 PM, Satyam wrote: Your application might require that flexibility or accepting data via POST or GET, in which case, it is just fine. Contrary to another post I've read, there is nothing good of register_globals, that is why it is now defaulted to off and kept for compatibility
Re: [PHP] GET, POST, REQUEST
On 6/17/06 5:25 PM, Martin Marques wrote: I know user input shouldn't be trusted. What I want to know is IF and WHY $_REQUEST should be more untrusted then $_POST or $_GET. It's untrusted because you know the data comes from a request. It's more untrusted than GET, POST, or COOKIE because yo
Re: [PHP] GET, POST, REQUEST
On Sat, 17 Jun 2006 09:55:05 -0400, tedd <[EMAIL PROTECTED]> wrote: > At 8:52 AM -0300 6/17/06, Martin Marques wrote: >>Yesterday when reading some doc on PHP I noticed the $_REQUEST predefined > array, which looked like a solution to having to check in GET and POST data > (I'm not sure if it will
Re: [PHP] GET, POST, REQUEST
$_REQUEST is not particularly dangerous compared to $_GET or $_POST, it is just one more validation you can make: if you expect data from a POST, check it from POST. That's why I mentioned that form where I entered my personal data, the form was sent as POST but it took a faked GET from me, t
Re: [PHP] GET, POST, REQUEST
On Sat, 17 Jun 2006 14:25:30 -0400, Ben Ramsey <[EMAIL PROTECTED]> wrote: > On 6/17/06 9:30 AM, David Tulloh wrote: >> Martin Marques wrote: >>> Yesterday when reading some doc on PHP I noticed the $_REQUEST >>> predefined array, which looked like a solution to having to check in > GET >>> and POS
Re: [PHP] GET, POST, REQUEST
On Sat, 17 Jun 2006 15:01:23 +0200, "Satyam" <[EMAIL PROTECTED]> wrote: > In general, user input should never be trusted. Someone once told me that > if you ask for yes or no, you should always validate for yes, no and don't > know (of course, this was before windowed environments where the users
Re: [PHP] GET, POST, REQUEST
On 6/17/06 3:07 PM, Anthony Ettinger wrote: it's more like painting the color of your front door, but still leaving it unlocked. It doesn't change the fact that people can still open the door. every input field needs to be validated regardless of get vs. post. the web developer toolbar for firef
Re: [PHP] GET, POST, REQUEST
it's more like painting the color of your front door, but still leaving it unlocked. It doesn't change the fact that people can still open the door. every input field needs to be validated regardless of get vs. post. the web developer toolbar for firefox can easily convert all form fields to one
Re: [PHP] Serving a graphic downloads it instead of displaying it
Maybe it is not essential, but shouldn't it say: header("Content-type: image/jpeg"); notice "jpeg" - not "jpg". /frank 16 jun 2006 kl. 22.15 skrev Mariano Guadagnini: Brian Dunning wrote: I'm trying to serve up a jpeg like this: header("Content-type: image/jpg"); readfile('images/banner-ad
Re: [PHP] GET, POST, REQUEST
But it would seem that using $_POST cuts down on the number of possible ways that something bad could happen, doesn't it? (Someone correct me if I am wrong, I am by no means a security or PHP expert, though working towards both :D) On Saturday 17 June 2006 14:51, Anthony Ettinger wrote: > simpl
Re: [PHP] GET, POST, REQUEST
simply using $_POST is by no means more secure than $_REQUEST. On 6/17/06, Ben Ramsey <[EMAIL PROTECTED]> wrote: On 6/17/06 9:30 AM, David Tulloh wrote: > Martin Marques wrote: >> Yesterday when reading some doc on PHP I noticed the $_REQUEST >> predefined array, which looked like a solution t
Re: [PHP] GET, POST, REQUEST
On 6/17/06 9:30 AM, David Tulloh wrote: Martin Marques wrote: Yesterday when reading some doc on PHP I noticed the $_REQUEST predefined array, which looked like a solution to having to check in GET and POST data (I'm not sure if it will really have an impact on my program yet). Yes, request is
Re: [PHP] serving video files with php
On 15/06/06, Andras Kende <[EMAIL PROTECTED]> wrote: Is there any drawback servings video files through php downloader script on high load site? the question is why you want that? If you want to "log" how many times/when the video files were viewed, you can send the request to a PHP script tha
Re: [PHP] Need to recompile php 4.3.4
Well, this is what I've done. First, made a test on a Fedora Core 2 installation by running ./configure --with etc,etc and --enable-bcmath Then executed make in order to generate executables but *DID NOT* run make install After that, copied manually libphp4.so from the build directory to libe
Re: [PHP] transfer file
Hi Richard.. On 15/06/06, Richard Lynch <[EMAIL PROTECTED]> wrote: HTTP just plain ain't gonna let you open a file up for "writing" -- thank god. I think it does in form of PUT requests.. http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html (apparently not supported by PHP streams(?)) Secur
Re: [PHP] file_exists() behind firewall
On 17/06/06, Richard Lynch <[EMAIL PROTECTED]> wrote: I dunno if AJAX will let you quit partway through, but you could definitely do this with the lean and mean hand-coded XmlHttpRequest object and sending HEAD to see if the URL is "there" or not. For security reasons, an XMLHttpRequest objects
Re: [PHP] GET, POST, REQUEST
Satyam wrote: In general, user input should never be trusted. Someone once told me that if you ask for yes or no, you should always validate for yes, no and don't know (of course, this was before windowed environments where the users can only click what you offer them). Users can submit whatev
Re: [PHP] GET, POST, REQUEST
At 8:52 AM -0300 6/17/06, Martin Marques wrote: >Yesterday when reading some doc on PHP I noticed the $_REQUEST predefined >array, which looked like a solution to having to check in GET and POST data >(I'm not sure if it will really have an impact on my program yet). > >The thing is, I also saw t
Re: [PHP] GET, POST, REQUEST
Martin Marques wrote: > Yesterday when reading some doc on PHP I noticed the $_REQUEST > predefined array, which looked like a solution to having to check in GET > and POST data (I'm not sure if it will really have an impact on my > program yet). Yes, request is simply a merge of these arrays. It
Re: [PHP] GET, POST, REQUEST
In general, user input should never be trusted. Someone once told me that if you ask for yes or no, you should always validate for yes, no and don't know (of course, this was before windowed environments where the users can only click what you offer them). In a web environment you have a high
[PHP] GET, POST, REQUEST
Yesterday when reading some doc on PHP I noticed the $_REQUEST predefined array, which looked like a solution to having to check in GET and POST data (I'm not sure if it will really have an impact on my program yet). The thing is, I also saw this description: Variables provided to the script v
