Posted by Rik on 03/09/07 03:28
Gordon Burditt <gordonb.o54mo@burditt.org> wrote:
>>> >> That's what you don't get. www.example.com is NOT the same as
>>> >> example.com.
>>
>> Yes it is - for any domain issued
OMFG! Back to school. Don't pretend to know anything anymore.
>> denying that simple fact allows PHP
>> to continue to ignore a security critical bug. A fact easily tested.
So you're the reason so many bug report sites are cluttered, out of date, and seriously slow.
> The same applies to sessions. If the browser doesn't send a session
> cookie because the hostname is different, PHP has no way to know
> if it was part of a session. There's no way for PHP to fix this,
> short of a mind-reading protocol. Even that wouldn't work unless
> browsers were made intelligent enough to have a mind to read.
Time to implement DWIM() :-)
http://ars.userfriendly.org/cartoons/?id=20011121
>> Try going to any site with either and you get the same result unless
>> it's a very old domain. Nobody is now issued with a domain where those
>> 2 addresses result in a different IP address. Nobody.
What 'issued'? Configured, you mean? And how much research have you done on the subject? Hardly anything, I'd imagine.
Also, often there are a lot of websites running on the same IP. Should the browser send out cookies to totally unrelated sites that just happen to have the same hoster?
>> the WWW is just a convention that means nothing in relation to the
>> domain.
It is a subdomain. Get it?
>> PHP using sessions constitutes a massive security hazard until this
>> serious bug is fixed.
>
> The same so-called "bug" exists even if you uninstall PHP.
And I wouldn't call it a security hazard if users can't log in. 'Twould be more of a hazard if they can log in with wrong credentials. And the moment my browser is sending out cookies to different domains than those that set them is the moment I trash it for another one.
--
Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel
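Added example, not part of the original post and not PHP's own code: a small Python model of the RFC 6265 cookie-scoping rules Rik is describing. The host names and cookie names are constructed for the example. It shows that a session cookie set by www.example.com with no Domain attribute is a host-only cookie that is never sent to example.com, that an explicit Domain=example.com covers both hosts, and that a browser refuses a Domain attribute naming an unrelated site, so two sites sharing an IP address never see each other's cookies.

```python
"""Added example (not from the original Usenet post): RFC 6265 cookie scoping.

Models the browser-side decisions the thread argues about. Host names and
cookie names below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Optional


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain-matching for lowercase ASCII host names."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".").rstrip(".")
    if request_host == cookie_domain:
        return True
    # The suffix match must land on a label boundary ("badexample.com" does not
    # match "example.com") and the request host must not be an IP address.
    return (request_host.endswith("." + cookie_domain)
            and not request_host.replace(".", "").isdigit())


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str        # effective domain stored by the user agent
    host_only: bool    # True when Set-Cookie carried no Domain attribute


def store_cookie(setting_host: str, name: str, value: str,
                 domain_attr: Optional[str]) -> Optional[Cookie]:
    """RFC 6265 section 5.3: what the browser stores for one Set-Cookie header.

    Returns None when the Domain attribute does not cover the setting host,
    which is how a browser rejects a cookie aimed at an unrelated site.
    (Public-suffix checks such as rejecting Domain=com are out of scope here.)
    """
    setting_host = setting_host.lower()
    if not domain_attr:
        # No Domain attribute: host-only cookie, bound to the exact host.
        return Cookie(name, value, setting_host, host_only=True)
    domain_attr = domain_attr.lower().lstrip(".")
    if not domain_matches(setting_host, domain_attr):
        return None
    return Cookie(name, value, domain_attr, host_only=False)


def cookies_sent(jar: List[Cookie], request_host: str) -> List[str]:
    """RFC 6265 section 5.4: names of the cookies attached to a request."""
    request_host = request_host.lower()
    sent = []
    for c in jar:
        if c.host_only:
            if request_host == c.domain:          # exact host match only
                sent.append(c.name)
        elif domain_matches(request_host, c.domain):
            sent.append(c.name)
    return sent


def demo() -> Dict[str, List[str]]:
    """Two session cookies set by www.example.com: host-only vs Domain=example.com."""
    candidates = [
        store_cookie("www.example.com", "PHPSESSID_hostonly", "abc", None),
        store_cookie("www.example.com", "PHPSESSID_domain", "def", "example.com"),
        # Same hoster, different site: the browser must refuse this one.
        store_cookie("www.example.com", "stolen", "x", "other.example"),
    ]
    jar = [c for c in candidates if c is not None]
    return {
        host: cookies_sent(jar, host)
        for host in ("www.example.com", "example.com",
                     "shop.example.com", "other.example")
    }


if __name__ == "__main__":
    for host, names in demo().items():
        print(f"{host:20} -> {names}")
```

Running it, www.example.com receives both cookies, example.com and shop.example.com receive only the Domain=example.com cookie, and other.example receives nothing, whatever IP address it resolves to. In PHP the Domain attribute of the session cookie comes from the session.cookie_domain ini setting; leaving it empty gives the host-only behaviour shown here.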