Re: [PHP] if http_referer is not reliable then how do we ...

Capchas can't hold off any decently smart robots, anyone doing their research can find at least 3 tools that will defeat various capchas. For example pwntcha is one, Dan Kaminsky did a talk at black hat and defcon 16 on pwning audio capchas (and a lot of even good ones will offer audio as an option

[PHP] pcntl_fork, catching STDOUT of child?

Hello, PHP noob here. I've been working on writing a script (command-line) that forks a number of children to do various tasks. I've been using pcntl_waitpid inside a loop to wait for the children to exit, act on the results, and fork another copy of the child. Where I seem to be running into trou

Re: [PHP] if http_referer is not reliable then how do we ...

On Tue, Jan 17, 2012 at 2:34 AM, ma...@behnke.biz wrote: > You should not write the recipients email address in a hidden form, but > instead > read it from a config file. This way you can make sure, that no one alters it. > Although this won't stop anyone from using the mailform. Cannot emphasiz

Re: [PHP] sessions and expirations and isolations

On Tue, Jan 17, 2012 at 5:17 PM, Haluk Karamete wrote: > This brings the question to the following; > WHEN DOES THE SERVER KNOW THAT A USER IS REALLY GONE OR HE CLOSED HIS BROWSER? Just addressing this quesiton -- you are correct that the browser does not tell the application when it closes. What

[PHP] which server variables from this list can be spoofed?

I marked those I already know as "can", $_SERVER['REMOTE_ADDR'] CAN $_SERVER['HTTP_REFERER'] CAN $_SERVER['HTTP_USER_AGENT'] CAN $_SERVER['REQUEST_URI'] CAN ( cause it contains the query string part and user/hacker can easily change that ) Those I'm not too sure are as follows; $_SERVER['SE

Re: [PHP] which server variables from this list can be spoofed?

On Fri, Jan 20, 2012 at 10:07 AM, Haluk Karamete wrote: > I marked those I already know as "can", > > $_SERVER['REMOTE_ADDR']  CAN > $_SERVER['HTTP_REFERER']  CAN > $_SERVER['HTTP_USER_AGENT']  CAN > $_SERVER['REQUEST_URI']   CAN ( cause it contains the query string > part and user/hacker can easi

Re: [PHP] pcntl_fork, catching STDOUT of child?

Have a look at zeromq. http://vimeo.com/20605470 http://zguide.zeromq.org/php:all Hope it helps. On Fri, Jan 20, 2012 at 12:24 AM, Thomas Johnson wrote: > Hello, > > PHP noob here. I've been working on writing a script (command-line) that > forks a number of children to do various tasks. I've