--- GH <[EMAIL PROTECTED]> wrote:
> Brian:
>
> What way should you not reference session variables? I seem to have
> missed that part of the discussion... Sorry.
I think he meant to be wary of register_globals and thinking you're
referencing a session variable when you use $foo rather than
$_SES
--- j kensler <[EMAIL PROTECTED]> wrote:
> The first thing to do is to set your scripts to not allow session
> handling to be carried out through the URL if a person's browser
> won't accept cookies. It would be way too easy to change the ID.
While true, it is only barely more convenient to change
--- Aaron Todd <[EMAIL PROTECTED]> wrote:
> Can anyone tell me how secure a session variable is?
It's 93% secure. :-)
Seriously, session data is generally more secure than other data that
you're likely to use. If you try to consider your data as being either
local or foreign, I think you'll start
Brian:
What way should you not reference session variables? I seem to have
missed that part of the discussion... Sorry.
Gary
On Thu, 30 Sep 2004 10:17:51 -0500, Brian <[EMAIL PROTECTED]> wrote:
> Along with the other tips people gave, make sure that if you have
> register globals turned on, do
Along with the other tips people gave, make sure that if you have
register globals turned on, do not ever reference a session variable
that way, always use $_SESSION
On Thu, 30 Sep 2004 08:39:42 -0400, Aaron Todd <[EMAIL PROTECTED]> wrote:
> Can anyone tell me how secure a session variable is? I realize that if
> someone wanted to take the time to break into my site they will eventually
> succeed, but I don't want to make it too easy. I have a database that stores
> a username and an encrypted password which both are verified when t
The first thing to do is to set your scripts to not allow session
handling to be carried out through the URL if a person's browser won't
accept cookies. It would be way too easy to change the ID. And also if
the id numbers are sequential, you might also want to have a second,
random identifier that