You are here: Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site.. « PHP « IT news, forums, messages
Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..

Posted by "Richard Lynch" on 09/15/05 01:25

On Wed, September 14, 2005 4:03 pm, Ben wrote:
>>>using $_REQUEST you'll be oblivious. You ought to know where your
>>>variable values are coming from, $_REQUEST hides this.

I think I must object to saying "$_REQUEST" hides this.

$_REQUEST tells you it came from POST or GET (or COOKIE)

Anyway, I have several applications where both GET and POST are
supported, and behave the same, using $_REQUEST.

I really don't care if somebody wants to web-scrape with GET instead
of POST, or even if they manage to fargle their Cookies to get the
data they need.

GET, POST, and COOKIE are all equally untrustworthy in my eyes.

Lumping them into one big mess to deal with, and responding to them
"the same" makes sense to me from a Security standpoint.

And certainly providing an HTTP response to both GET/POST, not caring
which way the requestor asked for it, doesn't matter to me.

I don't think it "reduces" security to not care about whether the
request is GET or POST -- Any moron can fake up either GET or POST in
minutes. No difference, in the Big Picture.

--
Like Music?
http://l-i-e.com/artists.htm

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация