with anyone, regardless of NDAs and such.
You might want to check out the links Christophe mentioned, as these
provide free advice, which seems to be more along the lines of what you
want.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--
PHP General Mailing
Graham Anderson wrote:
Can the server variable 'user agent' be modified/spoofed by the user?
Yes, this value is being sent by the client.
Chris
Danny Brow wrote:
Zend sells a compiler to speed up your PHP code. Since it's compiled,
it also does not contain the source code in readable form. You should
visit the Zend website.
Any free ones?
http://pecl.php.net/package/APC
beside me):
Other things are that addslashes() screws up with big-5 (it can contain
\'s in multi-byte characters), and mysql_real_escape_string() takes into
account character sets.
,
product_serial_number FROM Products', $db) or exit(mysql_error());
Hope that helps.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
://shiflett.org/archive/115
Chris
avoiding).
Being mindful of this, it's also helpful to not even display it to the
user, instead showing only the last four digits or something, because
this display also counts as exposure (since it's in the response).
I'm certainly interested to know when/why Chris Shiflett would store a CC
and virtual dedicated
servers.
Hope that helps.
Chris
Joey wrote:
Sorry to post this here, but I don't know if the list has a jobs section
etc. or if there is a good place where I can post job opportunities for php
programmers?
This list is fine.
Chris
blackwater dev wrote:
I want to check a string for only numbers and letters but am banging
my head with regex:
ctype_alnum()
Chris
urlencode it
`urlencode(urlencode($sData))` while Firefox and Opera (and, I imagine,
every other non-microsoft browser out there) only needs to be encoded once.
Can you provide a specific example? As horrible as IE is, I can't
imagine that it doesn't properly handle URL encoding.
Chris
from the same domain).
Hope that helps.
Chris
of storing
passwords in cookies is absurd.
Chris
.
Hope that helps.
Chris
considerations can require that you couple its retrieval
with other session data rather than incur the extra expense. It's just
one of those things that is a little bit application-specific.
Chris
Jeremy Reynolds wrote:
What if I want to include some literal test into a PHP document that I
don't want it to interpret as it loads.
You can use something like readfile() instead of include.
Hope that helps.
Chris
it.)
Hope that helps.
Chris
of HTTP Developer's Handbook explains cookies:
http://shiflett.org/books/http-developers-handbook/chapters/11
See Figure 11.3 for an illustration of the exchange I just described.
Hope that helps.
Chris
clear.
I don't recommend skipping either of these two crucial steps, but
escaping can help protect you against weak or broken filtering. Because
there are built-in escaping functions for most external systems, you
should rely on these where possible.
Hope that helps.
Chris
might be as good or better than
that article. The article also has user comments at the bottom, so you
might find something useful there also.
Hope that helps.
Chris
John Hinton wrote:
Seems my old setcookie scripts are busted in php with globals off.
Use $_COOKIE['name'].
Chris
terminates (or you manually flush).
Hope that helps.
Chris
it, but these might have
essentially the same behavior (e.g., memory is freed but not overwritten).
Hope that helps.
Chris
in
the log message.
Try using double quotes instead of single quotes.
Hope that helps.
Chris
not trust the description? It seems to me that 1 cannot start a
name. I bet $news['id'] starts with a 1 in this case.
I'm not really sure what you're asking...
Chris
treated as HTML, and
hi.php is being treated as PHP. No surprise there.
You can modify this behavior and make Apache treat .html files as PHP by
adding .html to your AddType directive in httpd.conf. Are you really
sure this is what you need?
Chris
you
show us a specific example that would let us reproduce the problem locally?
Chris
){ // this is line 5
Maybe your error is that check_zero() is spelled differently than check()?
Chris
, but this alone doesn't
provide enough information.
Chris
document. :-)
There are many details you're not giving us (you can leave out the
details involving the XML document itself, of course), so it's pretty
much impossible to even guess an answer to your question.
Chris
';
break;
default:
echo 'The name wasn\'t one of those';
}
Hope that helps.
Chris
.
Chris
trusting it? That's a very dangerous practice.
If you explain your problem, we might be able to offer some help.
Chris
a browser makes a request, it checks for cookies to be included in the
Cookie header. Only those that meet the requirements (domain, path,
expiry, etc.) are included.
Hope that helps.
Chris
directive (Apache). In httpd.conf, just do something like this:
DirectoryIndex index.html index.php
This gives preference to a static index, if it exists. You can only use
index.php if you want.
Hope that helps.
Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/
else you do. You can connect to a thousand
different servers, collect data from a thousand different databases, and
do stuff more complex than any PHP developer has ever done before.
However, if you never output anything, the client is going to see a blank
page.
Hope that helps.
Chris
no. of words/post
Richard certainly contributes a lot, and I think he's in the top 10 (Curt
Zirzow actually compiled these statistics a while back), but no one comes
close to John Holmes.
Chris
--- William Stokes [EMAIL PROTECTED] wrote:
If I send a session cookie to the browser, where is it stored in WinXP?
Session cookies are kept in memory.
Chris
not act on the cookie nor the $_SESSION
superglobal array.
Hope that helps.
Chris
is the language to go
for.
That's easy. ASP.Net requires that you run IIS.
Debate over.
Chris
risk.
My favorite method of handling this is described at the end of this
article:
http://shiflett.org/articles/security-corner-mar2004
Hope that helps.
Chris
the form.
This is not a PHP question.
Chris
/0672325616
Hope that helps.
Chris
, and a secure
server doesn't make a secure application.
Chris
://phpsec.org/projects/guide/
Chris
to talk the site up a bit because I get the feeling it has the
potential to really make a positive impact... guess that didn't come
over too well.
No worries - it came across just fine. :-)
Chris
the community about secure programming
practices has risen, said Chris Shiflett, the group's founder.
The PHPSC web site (http://phpsec.org/) provides a variety of security
resources for PHP developers, including the group's flagship project, the
PHP Security Guide.
PHP application security is a topic
an approach like the following to make sure something
is an integer:
<?php
$clean = array();
if ($_POST['num'] === strval(intval($_POST['num'])))
{
    $clean['num'] = $_POST['num'];
}
?>
Hope that helps.
Chris
.
Hope that helps.
Chris
this to be far superior to any other testing framework for
web applications. It is also the official testing framework for the Apache
httpd project:
http://httpd.apache.org/test/
Now PHP developers can also use Apache-Test. :-)
Chris
and disadvantages to each, and PHP certainly doesn't win on
all fronts.
Chris
the two primary means of doing so? You can persist
data in memory, I guess, depending on how permanent you need this to be -
your hit counter would be reset when the server reboots. It could be like
the high scores on an arcade machine. :-)
Chris
) and not in the language. The include and require language
constructs in PHP can be used independently of support for SSI.
Hope that helps.
Chris
and security.
Chris
--- Sebastian [EMAIL PROTECTED] wrote:
I'm looking for a person or a place that will check or try
to break a site.
This is the least effective means of auditing an application. Letting an
experienced person review your code is much, much better.
Chris
, there
are some pretty simple steps you can take to mitigate the risks, or you
can adhere to strict practices if you work at it.
Hope that helps.
Chris
/security.database.sql-injection.php
Chris
from this
sort of list.
Having another founder on the list would certainly be helpful, if you're
interested in contributing. Eventually, we want to have much more than a
mailing list, however - we'd like to create a resource as useful as Perl
Mongers.
Chris
things for you.
Hope that helps.
Chris
too comfortable. :-)
Chris
, and an unnecessary risk is always a poor choice.
Chris
/image.php/foo.jpg
Another one that I've seen referenced frequently (especially back when
this was a larger and more common problem) is this:
http://example.org/image.php?iesucks=foo.jpg
Chris
different than blind paranoia. If this perspective were applied to HTML
forms, no one could use them.
Chris
frequently write about.
Hope that helps.
Chris
that training for the use of Free/Open Source
Software would require win2k/xp.
Yes, I agree. If you can manage to work around this hassle, I think you'll
find the training to be worth it. I hope so. :-)
Chris
Maybe a daft question but why would you like to check for a
specific value?
Can you give an example when this is a good thing to do?
You might have two submit buttons, where you want to take a different
action depending upon which one the user clicks.
Chris
this, whether by choice or due
to some factor you cannot control, you're going to have to accept that it
is a security risk, regardless of the name.
I know you both agree, but I want to make sure this point isn't lost. :-)
Chris
someone in the middle of
converting from tabs to spaces. I've basically decided to switch for two
reasons: improved precision over formatting and consistency with other
major open source projects. This doesn't mean spaces are best for
everyone, but that's my reasoning.
Chris
matter. Of course, if you're to the point where the difference is
important to you, you're to the point where you should figure out how to
use APC or something. :-)
Chris
--- Peter Lauri [EMAIL PROTECTED] wrote:
Can someone from outside set a $_SESSION variable with some
hacker technique?
For all practical purposes, no. Session data is kept on the server and
therefore less exposed and less vulnerable than other data.
Chris
--- Peter Lauri [EMAIL PROTECTED] wrote:
If you use the Autority HTTP that pops up a login window by
default, is that safe against listeners?
Assuming you mean HTTP Basic Authentication, it is not encrypted, so it is
not safe from snooping.
Chris
. :-)
Chris
--- Rayan Lahoud [EMAIL PROTECTED] wrote:
Does anybody know how to call a C function from PHP code?
Try this:
http://pear.php.net/package/Inline_C
Hope that helps.
Chris
topics, but luckily cookies are one of those.
Hope that helps.
Chris
reason is equally as strong.
Hope that helps. Thanks for appreciating my work.
Chris
/php-security.pdf
That doesn't cover everything, of course, but it covers those things I
have chosen as most important when I only have three hours to talk about
security concerns. :-)
Chris
exceed it in a single
bound, and your whole site would stop working.
Greg++ :-)
Chris
:
http://www.php.net/array
Hope that helps.
Chris
ever heard...
Chris
, and even then there
can be problems (you accidentally decrement a variable twice before
evaluating it again, so that it goes from 1 to -1 and continues to
evaluate as true forever).
In short, complexity breeds problems, regardless of how smart you are.
Chris
ideas on how to pass the password when it's
prompted?
Yes, you have to use a language like Expect.
If you want to stick with PHP, you're better off using an ssh key, so that
you're not prompted for the password.
Hope that helps.
Chris
else to find it. If we know where it is, why not just return it?
That's the basis of my opinion. :-)
Hope that helps.
Chris
Does anyone know whether there is a way to specify the path of php.ini
within httpd.conf or something similar? There is an environment variable
named PHPRC that is almost useful enough, but it must exist within the
environment used to start Apache (e.g., using SetEnv in httpd.conf won't
work -
--- Jonel Rienton [EMAIL PROTECTED] wrote:
There was a very recent discussion about this, look up the
archive from the past week or 2.
If you're referring to the responses to this question:
http://marc.theaimsgroup.com/?l=php-general&m=109907804615206&w=2
then it's a different issue. If you're
a relative one.
So, the first thing to try is using a proper Location header:
header('Location: http://example.org/success.php');
Hope that helps.
Chris
--- Jason Wong [EMAIL PROTECTED] wrote:
As I have pointed out in a previous thread and Mike has pointed
out in this thread you MUST use
session_write_close()
before you do a redirect.
Are you certain? If this is true, it is a bug in PHP, and we should fix
it.
Chris
(from the
session_id() call) changing for every page.
Chris
a redirect.
Everything else in the email just gets in the way and makes it harder to
follow. That's all.
Chris
?
Chris
why I used the word request. :-)
You'll have a very tough time getting an answer if you can't explain your
question. That's the only helpful hint I can provide.
Chris
level of security to
users whose preferences allow them. Because they were created with the
specific purpose of adding state to HTTP, they tend to address this
problem the best.
Chris
--- Pahlevanzadeh Mohsen [EMAIL PROTECTED] wrote:
I need to post a header without Form tag.
The header() function can be used to add a header to the response:
http://www.php.net/header
I'm not sure what this has to do with a form tag...
Chris
time script3.php is requested.
Hope that helps.
Chris
--- John Holmes [EMAIL PROTECTED] wrote:
header('Location: http://www.example.org/script2.php?.SID);
He is human after all. :-)
Chris
://shiflett.org/articles/the-truth-about-sessions
Hope that helps.
Chris
of curiosity, why would you want a single user to have two separate
sessions?
Chris
to dedicate to the server, I'm stuck with
using my personal computer as the server as well and all my
programs/games need Windows.
You cannot provide reasonable security with this approach, in my opinion.
Chris