I've got a script I include at the head of each of my scripts that checks $_POST['username'] and $_POST['password'] against a database, and exits to an error page if it doesn't check out. Every link is a post where it passes these two values. So if you open any page in the whole thing it has to have the actual value of a real username and password or it exits to an error page asking for these values.
This seems to have been working fine, but when I installed a newer version of php it started making noise about register globals being off. Upon further reading, it seems SESSIONS are insecure, COOKIES are insecure, POSTS and GETS are insecure. It seems to me that you would have to write some exceptionally stupid code for these things to be really openly insecure, so I must be missing something.
After a point it seems like if you leave your machine off or disconnect it from the network that would be the most secure but you have to pass this info somehow. What is the accepted practice for passing user info into variables?
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
