Re: [PHP] Re: Finding out how a variable was registered
On Wed, 5 Jun 2002, John Taylor-Johnston wrote:
> If you change your header to pragma-nocache, he should not be able
> to see the source to know what elements he needs for a .

There are plenty of browsers (lynx being the obvious example) that will let you see the source regardless of any headers. And when all else fails, there's telnet www.example.com 80.

miguel

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Finding out how a variable was registered
It may not work for you but this seems to work for us:

-----Original Message-----
From: Scott Hurring [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 4:18 PM
To: Php-General (E-mail)
Subject: RE: [PHP] Re: Finding out how a variable was registered

If you want to stop most people, try posting an MD5() hash of the field contents to the form, and then verifying it upon form submittal. For example:

However, if you get a smart user, he can simply change the value and the MD5 hash to be the correct hash of the new value and circumvent all your work.

(But then again, if you get anyone that's smart and committed, it's just a matter of time before he will figure out *some* loophole to subvert your forms)

---
Scott Hurring
Systems Programmer
EAC Corporation
[EMAIL PROTECTED]
Voice: 201-462-2149
Fax: 201-288-1515

> -----Original Message-----
> From: John Taylor-Johnston [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 05, 2002 5:24 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Finding out how a variable was registered
>
> If you change your header to pragma-nocache, he should not be able
> to see the source to know what elements he needs for a .
> Or you could also use a session to hide the variables?
>
> Joe Pemberton wrote:
>
> > Is there a function call to figure out how a variable was
> > registered? I am writing a page that handles a form and I
> > need to know whether or not a variable was created using the
> > GET or POST method (I don't want the user to be able to do
> > 'foo.php?var=value' and mess with the results)
> >
> > - - Joe
>
> [EMAIL PROTECTED]
>
> --
> John Taylor-Johnston
> --
> ---
> ' ' '  Collège de Sherbrooke:
> ô¿ô  http://www.collegesherbrooke.qc.ca/languesmodernes/
>  -   Université de Sherbrooke:
>      http://compcanlit.ca/
>      819-569-2064
RE: [PHP] Re: Finding out how a variable was registered
If you want to stop most people, try posting an MD5() hash of the field contents to the form, and then verifying it upon form submittal. For example:

However, if you get a smart user, he can simply change the value and the MD5 hash to be the correct hash of the new value and circumvent all your work.

(But then again, if you get anyone that's smart and committed, it's just a matter of time before he will figure out *some* loophole to subvert your forms)

---
Scott Hurring
Systems Programmer
EAC Corporation
[EMAIL PROTECTED]
Voice: 201-462-2149
Fax: 201-288-1515

> -----Original Message-----
> From: John Taylor-Johnston [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 05, 2002 5:24 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Finding out how a variable was registered
>
> If you change your header to pragma-nocache, he should not be able
> to see the source to know what elements he needs for a .
> Or you could also use a session to hide the variables?
>
> Joe Pemberton wrote:
>
> > Is there a function call to figure out how a variable was
> > registered? I am writing a page that handles a form and I
> > need to know whether or not a variable was created using the
> > GET or POST method (I don't want the user to be able to do
> > 'foo.php?var=value' and mess with the results)
> >
> > - - Joe
>
> [EMAIL PROTECTED]
>
> --
> John Taylor-Johnston
> --
> ---
> ' ' '  Collège de Sherbrooke:
> ô¿ô  http://www.collegesherbrooke.qc.ca/languesmodernes/
>  -   Université de Sherbrooke:
>      http://compcanlit.ca/
>      819-569-2064
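
Added example, not part of any message in this thread: the unkeyed MD5 check described above next to a keyed variant (HMAC with a secret that stays on the server), showing why only the keyed tag survives a user who edits the value and recomputes the hash. The field value, the secret and all function names are hypothetical; hash_hmac() and hash_equals() assume a PHP version far newer than the 2002 releases discussed here (PHP 7 syntax is used).

```php
<?php
// Added example (not from the thread). The value, the secret and the
// function names below are constructed for illustration.

// Server-side secret; never sent to the browser. Load it from config in practice.
const FORM_SECRET = 'constructed-demo-secret-change-me';

// Unkeyed tag, as suggested in the post: anyone can recompute it.
function md5_tag(string $value): string
{
    return md5($value);
}

function md5_check(string $value, string $tag): bool
{
    return hash_equals(md5_tag($value), $tag);
}

// Keyed tag: computing it requires FORM_SECRET, which the client never sees.
function hmac_tag(string $value): string
{
    return hash_hmac('sha256', $value, FORM_SECRET);
}

function hmac_check(string $value, string $tag): bool
{
    // hash_equals() compares in constant time.
    return hash_equals(hmac_tag($value), $tag);
}

// Value the server rendered into a hidden field, alongside its tag.
$original = '19.99';

// What comes back from a user who edited the form: a new value plus a
// tag recomputed on the client, without knowledge of FORM_SECRET.
$tampered     = '0.01';
$clientMd5    = md5($tampered);
$clientSha256 = hash('sha256', $tampered);

var_dump(md5_check($original, md5_tag($original)));   // untouched form, unkeyed check
var_dump(md5_check($tampered, $clientMd5));           // edited form, unkeyed check
var_dump(hmac_check($original, hmac_tag($original))); // untouched form, keyed check
var_dump(hmac_check($tampered, $clientSha256));       // edited form, keyed check
```

A keyed tag only shows that the server issued the value; the same value and tag can still be resubmitted later. Keeping the value in the session, as suggested earlier in the thread, avoids sending it to the client at all.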