--- Ryan A <[EMAIL PROTECTED]> wrote:
> Somehow 1 person has found out about them and is creating havoc with
> that damn account by changing those variables to different numbers
> ...any idea how he is doing that?

I have many ideas.

First of all, I bet you are using PHP sessions, and you have done nothing
beyond getting them to work, right? One important note about PHP sessions is
that they provide the mechanism only; it is your job to provide whatever
security you deem appropriate. Read the section entitled Sessions and security
here:

http://www.php.net/session

If you have taken steps to prevent impersonation, can you describe them? I'm
sure I can easily evaluate the potential weaknesses in your approach.

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
