|
|
Posted by xkorakidis on 10/20/56 11:32
Thanks so much Mirco, but I would appritiate that very much if I had
some examples. I'm not so keen in php, so some things seem to be complex
for me. I downloaded OSCommerce but the script pages aren't so simple
for beginning...
So if you have something (code/url of examples) about this type of
encryption-decryption and that type of programming you describe in next
msg (classes, functions etc) plz send me. The only way I work until now
is to call a php script page wich does an individual work. Guess that is
the "jumpto" script?
Thanks!
Mirco Blitz wrote:
> HI,
>
> I totaly agree to Jaspers answer.
>
> That’s why I use ONE jumpto script and GET.
>
> I usually encrypt the given Values I give over to the script and decrypt
> them on recive. That way nearly nobody can assume wich values are really
> given to the script.
>
> If you want to make it rocket safe, generate a random string that you place
> in a session variable for crypting and decrypting. By that way the value is
> different on every startup and you can be ure that you have made it when
> decrypting. If someone try's to use xsripting and try's to fool your script,
> latest the case structure yould not work, cause no plausible data is
> recived.
>
> But who would like to xscript on a jump page, it can't harm really.
>
> Greetings
> Mirco
>
> -----Ursprüngliche Nachricht-----
> Von: Jasper Bryant-Greene [mailto:jasper@album.co.nz]
> Gesendet: Sonntag, 20. November 2005 04:12
> An: xkorakidis
> Cc: php-general@lists.php.net
> Betreff: Re: AW: [PHP] how can I CALL a PHP script from different TEXT
> LINKSwith differentPARAMETERS?
>
> xkorakidis wrote:
>>Webmaster, thanks very much but I think it would be safer to do that by
>>post, not by get. Furthermore, if I use indivudual files
>
> It is a fallacy to ever tell someone that POST is safer than GET. They
> both transmit data in plaintext and it should not be assumed that either
> is inherently safer than the other, as this simply gives others a false
> sense of security.
>
> The difference between POST and GET lies in the semantics -- POST
> represents something changing on the server, e.g. updating a database
> field, and allows the browser to warn the user if they try to refresh.
> GET represents nothing of importance changing on the server, e.g.
> performing a search on the database, and can safely be repeated.
>
> SSL/TLS is the best option if you wish to transmit sensitive data.
>
Navigation:
[Reply to this message]
|