You are here: Re: [PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site.. « PHP « IT news, forums, messages
Re: [PHP] Re: trying to figure out the best/efficient way to tell whois logged into a site..

Posted by Scott Noyes on 09/14/05 22:15

> Suppose you have a form that posts set hidden values. A malicious user
> could modify the URI to change those values.

A malicious user could just as easily modify the http header that sets
the POST, or the cookie that sets the COOKIE, or whatever. In other
words, if it comes from the user, it could have been tampered with.

> Which raises the question, in the scenario above, you may have an identical
> 'post' value and 'get' value submitted to the same page. Which takes
> precidence in $_REQUEST?

That is configurable in php.ini (I think). By default, COOKIE
overwrites POST overwrites GET.

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация