On Thu, March 29, 2007 10:25 am, cajbecu wrote:
>> And even then, some smart programmers are probably going to find a way
>> to read your image code :)
>
> that, of course, if your app will be an interface to client's bank
> account, with online management. :)
One does have to balance Ris
On Thu, March 29, 2007 10:06 am, Daniel Brown wrote:
> Just wondering how many of you actually use any type of secure coding
> when doing form processing.
Always.
For all new code.
I can't possibly go back and re-write every script everywhere I ever
wrote over the past decade, though...
W
At 5:18 PM +0200 3/29/07, Tijnema ! wrote:
I've discussed the problems with using image code (CAPTCHA) in another
post on this list. So then you would create a script of 100+ lines to
do it :)
And even then, some smart programmers are probably going to find a way
to read your image code :)
I'
You can pass session ID data via the URL. Ugly as it is, that's a viable
option (that I see used a lot actually.. kinda drives me nuts but I understand
it) for when you don't have people logging in and/or can't guarantee that
cookies will be available.
As was mentioned a few times, CAPTCHA met
Good topic. It's touched on here and there in other questions, but always good
to hit it head-on from time to time too.
First, mysql_real_escape_string() for inserting into MySQL and whatever equiv
you can find for whatever other database you may be using. addslashes() isn't
so hot for databa
>
> And even then, some smart programmers are probably going to find a way
> to read your image code :)
>
that, of course, if your app will be an interface to client's bank
account, with online management. :)
cajb.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http:
On 3/29/07, cajbecu <[EMAIL PROTECTED]> wrote:
> <?php
> if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>     // This is a safe POST
> } elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>     die("Illegal access. Your IP has been logged.\n");
> }
> ?>
Many legitimate users will have their referrer blocked by proxies or by
browser preference so you'll also have false negatives.
Arpad
cajbecu wrote:
it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add i
> <?php
> if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>     // This is a safe POST
> } elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>     die("Illegal access. Your IP has been logged.\n");
> }
> ?>
it is not safe. i can use curl (www.php.net