Reply to Re: [PHP] How to protect a php script that sends variables to itself — PHP

Posted by "Richard Lynch" on 10/25/05 05:20

> The script , makeMoviePlaylist.php, is calling itself on the server
> with
> makeMoviePlaylist.php?cmd=getmovie&path=encrypted_path_to_the_movie
> The script, makeMoviePlaylist.php, accepts the request because it
> originated from ITSELF on the server...

How do you *KNOW* it originated from ITSELF?

Can't I just fake it out by copying the URL you are using?

> This request was sent from OUTSIDE the server. The main script,
> makeMoviePlaylist.php, realizes the this request did not originate
> from itself on the server

Again, how you do *KNOW* that to be true?

What's the big picture again?

They need to login to see the movies, right?

Or is it something else?

If just need login, use http://php.net/session_start and friends as I
just posted.

If it's something else, session_start() may not help.

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация