Im looking for info about a secure alternative to the use of
$_server['http_refere'] to check in a script from where are arriving
$_post vars.
any suggestion?
Thans a lot.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
AraDaen wrote:
Im looking for info about a secure alternative to the use of
$_server['http_refere'] to check in a script from where are arriving
$_post vars.
You could put a hash value into a hidden field on the form, and also
store it in the session. When the form is submitted only accept
Stut wrote:
You could put a hash value into a hidden field on the form, and
also store it in the session. When the form is submitted only
accept it if the hashes match.
However, this is very easy to get around, so I suggest you
consider why you think you need this level of checking.
Thanks guys now i know what must i do :)
Chris Shiflett escribió:
Stut wrote:
You could put a hash value into a hidden field on the form, and
also store it in the session. When the form is submitted only
accept it if the hashes match.
However, this is very easy to get around, so I
On Tue, April 24, 2007 9:35 am, AraDaen wrote:
Im looking for info about a secure alternative to the use of
$_server['http_refere'] to check in a script from where are arriving
$_post vars.
any suggestion?
HTTP_REFERER is not even reliably sent on all browser, much less
useful as a security
5 matches
Mail list logo
