On Thu, March 29, 2007 10:25 am, cajbecu wrote:
>>
>> And even then, some smart programmers are probably going to find a way
>> to read your image code :)
>>
>
> That, of course, if your app will be an interface to a client's bank
> account, with online management. :)
One does have to balance Ris
On Thu, March 29, 2007 10:06 am, Daniel Brown wrote:
> Just wondering how many of you actually use any type of secure coding
> when doing form processing.
Always.
For all new code.
I can't possibly go back and re-write every script everywhere I ever
wrote over the past decade, though...
W
At 5:18 PM +0200 3/29/07, Tijnema ! wrote:
I've discussed the problems with using image code (CAPTCHA) in another
post on this list. So then you would create a script of 100+ lines to
do it :)
And even then, some smart programmers are probably going to find a way
to read your image code :)
I'
You can pass session ID data via the URL. Ugly as it is, that's a viable
option (that I see used a lot actually... kinda drives me nuts but I understand
it) for when you don't have people logging in and/or can't guarantee that
cookies will be available.
As was mentioned a few times, CAPTCHA met
Good topic. It's touched on here and there in other questions, but always good
to hit it head-on from time to time too.
First, mysql_real_escape_string() for inserting into MySQL and whatever equiv
you can find for whatever other database you may be using. addslashes() isn't
so hot for databa
>
> And even then, some smart programmers are probably going to find a way
> to read your image code :)
>
That, of course, if your app will be an interface to a client's bank
account, with online management. :)
cajb.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http:
On 3/29/07, cajbecu <[EMAIL PROTECTED]> wrote:
> <?php
> // Referer-based check: both values come from the request environment,
> // and HTTP_REFERER is supplied by the client (see the replies below).
> if ($_POST && eregi(getenv("SERVER_NAME"), getenv("HTTP_REFERER"))) {
>     // This is a safe POST
> } elseif (!eregi(getenv("SERVER_NAME"), getenv("HTTP_REFERER"))) {
>     die("Illegal access. Your IP has been logged.\n");
> }
> ?>
Many legitimate users will have their referrer blocked by proxies or by
browser preference, so you'll also have false negatives.
Arpad
cajbecu wrote:
It is not safe. I can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. I advise you to add i
Just wondering how many of you actually use any type of secure coding
when doing form processing. I'm guilty of not doing it all the time myself,
but I'm trying to get into the habit of doing so. For example, I don't want
someone else modifying a form to auto-post values to my handler, so I w