|
|
Posted by David Haynes on 03/01/06 20:52
julian_m wrote:
> David Haynes wrote:
>> While you can detect edits to your
>> argument data, can you detect replays?
>
> Well, actually, I could. Just adding inside the argument verifier (md5)
> the date it was created, and comparing it agaist the server date.
> Nothing brillant, just an idea...
>
> saludos - julian
>
Hmmm...
I don't see how that would work.
You'd send out a page to a browser with an encoded timestamp.
It would send back some $_GET data presumably with the timestamp returned.
Somehow you would do delta on the timestamp to determine whether this
was a replay???
The usual way to do this is to hand a sequential number to the page
which, in turn, hands it back. The sequential number is then marked as
'processed' and all subsequent returns of the number are invalidated.
-david-
Navigation:
[Reply to this message]
|