Posted by Chris Shiflett on 07/10/05 05:21
Matthew Weier O'Phinney wrote:
> The reason I ask is that (1) it shouldn't matter HOW the HTTP request is
> initiated. What *should* matter is that the page handles the request
> gracefully and returns something (HTTP headers only, or headers + page)
> as a result.
That's an interesting way of explaining that. I think I might try to
come up with something similar, since this question comes up a lot. It
seems clearer than any way that I've explained it in the past.
Prior, when people asked me how to prevent spoofing forms, I would
usually say something to the effect of, "don't worry about it," and
throw in CSRF attacks as the only caveat. My point was that it shouldn't
matter what the client sends, as long as it abides by your rules.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
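The approach described above, as an added example that is not part of the original thread: a handler that enforces the server's own rules on whatever the client sends, and treats CSRF as the one case where the request's origin matters. Function names, field names and the allowed values are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): validate every submitted value
// against server-side rules and check a session-bound CSRF token.
// Field and function names are assumptions chosen for illustration.

const ALLOWED_COLORS = ['red', 'green', 'blue']; // the server's rule, not the form's <select>

function issue_csrf_token(array &$session): string {
    // Token lives server-side in the session and is echoed into the form.
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function handle_form(array $post, array $session): array {
    // 1. CSRF caveat: the request must carry the token bound to this session,
    //    otherwise another site could have submitted the form for the user.
    $expected = $session['csrf_token'] ?? '';
    $given    = (string)($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return ['ok' => false, 'error' => 'invalid csrf token'];
    }

    // 2. Validate every field against the server's rules. It does not matter
    //    whether the values came from our form, curl, or a hand-written request.
    $color = (string)($post['color'] ?? '');
    if (!in_array($color, ALLOWED_COLORS, true)) {
        return ['ok' => false, 'error' => 'color not allowed'];
    }
    $qty = filter_var($post['qty'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 10]]);
    if ($qty === false) {
        return ['ok' => false, 'error' => 'qty must be between 1 and 10'];
    }
    return ['ok' => true, 'color' => $color, 'qty' => $qty];
}

// Constructed sample session and submissions (stand-ins for $_SESSION / $_POST).
$session = [];
$token = issue_csrf_token($session);
$submissions = [
    'normal'  => ['csrf_token' => $token, 'color' => 'green',  'qty' => '3'],
    'spoofed' => ['csrf_token' => $token, 'color' => 'purple', 'qty' => '3'], // value not offered by the form
    'forged'  => ['csrf_token' => 'xxx',  'color' => 'red',    'qty' => '1'], // cross-site post, no valid token
];
foreach ($submissions as $name => $post) {
    $result = handle_form($post, $session);
    echo $name, ': ', $result['ok'] ? 'accepted' : 'rejected (' . $result['error'] . ')', PHP_EOL;
}
```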