On Tue, April 24, 2007 9:35 am, AraDaen wrote:
> Im looking for info about a secure alternative to the use of
> $_server['http_refere'] to check in a script from where are arriving
> $_post vars.
>
> any suggestion?
HTTP_REFERER is not even reliably sent on all browser, much less
useful as a secur
Thanks guys now i know what must i do :)
Chris Shiflett escribió:
> Stut wrote:
>
>> You could put a hash value into a hidden field on the form, and
>> also store it in the session. When the form is submitted only
>> accept it if the hashes match.
>>
>> However, this is very easy to get aroun
Stut wrote:
> You could put a hash value into a hidden field on the form, and
> also store it in the session. When the form is submitted only
> accept it if the hashes match.
>
> However, this is very easy to get around, so I suggest you
> consider why you think you need this level of checking. As
AraDaen wrote:
Im looking for info about a secure alternative to the use of
$_server['http_refere'] to check in a script from where are arriving
$_post vars.
You could put a hash value into a hidden field on the form, and also
store it in the session. When the form is submitted only accept it
Im looking for info about a secure alternative to the use of
$_server['http_refere'] to check in a script from where are arriving
$_post vars.
any suggestion?
Thans a lot.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
5 matches
Mail list logo
