[PHP] Re: A Question of SESSION

2012-06-07 Thread Daniel P. Brown
On Thu, Jun 7, 2012 at 11:20 AM, Daniel P. Brown wrote:
> On Thu, Jun 7, 2012 at 11:15 AM, Tedd Sperling wrote:
>>
>> 3. Looking for an explanation, I came across Daniel's post to the PHP
>> manual, which follows:
>>
>> http://www.webbytedd.com/b/sessions3

I see: http://www.webbytedd.com/b/

[PHP] Re: A Question of SESSION

2012-06-07 Thread Daniel P. Brown
On Thu, Jun 7, 2012 at 11:15 AM, Tedd Sperling wrote:
>
> 3. Looking for an explanation, I came across Daniel's post to the PHP manual,
> which follows:
>
> http://www.webbytedd.com/b/sessions3
>
> Now I am totally bonkers.
>
> What am I not getting?

Anything. Because that page 404's. ;-P

Re: [PHP] Re: a question...

2008-07-23 Thread Micah Gersten
I just want to point out that public IPs are no longer given out as Class A, B, and C networks, but based on CIDR. You can use rwhois to figure out who has use of a certain subnet and what the range of it is. Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com D

[PHP] Re: a question...

2008-07-23 Thread Daniel Brown
On Wed, Jul 23, 2008 at 12:10 PM, <[EMAIL PROTECTED]> wrote:
> Yes, sorry. I have a database that records ip of attacks on a customer
> server, what I like to do get a count so that I can see what subnet is
> doing the major of the attacks.
>
> select ip from ipslimit 10;
> +-+

Re: [PHP] Re: a question on session ID and security

2007-05-30 Thread Jared Farrish
On 5/30/07, Richard Lynch <[EMAIL PROTECTED]> wrote:
> If they can get the first cookie, they can get the second just as easily.

I thought this said "just as weasily" at first, and I thought, "Ain't that the truth..."

-- Jared Farrish Intermediate Web Developer Denton, Tx Abraham Maslow: "If the

Re: [PHP] Re: a question on session ID and security

2007-05-30 Thread Richard Lynch
On Tue, May 29, 2007 10:36 am, Jared Farrish wrote:
>> But the point here is that both pieces of information required to
>> authenticate that client are stored on the client. If someone can get
>> one of them they can get the other, so it's no more secure than just
>> accepting the one cookie wi

Re: [PHP] Re: a question on session ID and security

2007-05-30 Thread Richard Lynch
On Tue, May 29, 2007 7:42 am, Stut wrote:
> Here one final thought... if there was a reliable way to add security to
> sessions don't you think that one of the multitude of web development
> languages out there would have done it, including PHP?

Several reliable security additions have been disc

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Stut
Jared Farrish wrote: I've asked the internals list why PHP doesn't natively validate the session ID by using the user agent or other variables because I actually don't know the reasoning behind it. I'll let you know what they say. I would think it's because browsers are flaky and you can't real

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Jared Farrish
But by doing that you're exposing how your app validates the authentication key, leaving it open to being transferred to another machine. True. Although I'm only exposing a part of the auth chain, not *how* that is constructed to produce the actual authentication token. It does not, however, ti

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Stut
Jared Farrish wrote: That's not what I'm saying. My basic question is why send the "secondary hash key" to the client when it doesn't need it? Use the authentication key to identify the users data, then get the "secondary hash key" from that data. The browser never needs to see the hash, and from

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Jared Farrish
On 5/29/07, Jared Farrish <[EMAIL PROTECTED]> wrote: I do think the stated best practice of SESSIONS, at this point, probably does need to be described to be further useful as a topic of discussion. I've been a little unclear in some things, so I get the feeling we've got the same point of view,

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Jared Farrish
That's not what I'm saying. My basic question is why send the "secondary hash key" to the client when it doesn't need it? Use the authentication key to identify the users data, then get the "secondary hash key" from that data. The browser never needs to see the hash, and from a purist security poi

Re: Fwd: [PHP] Re: a question on session ID and security

2007-05-29 Thread Stut
Jared Farrish wrote: On 5/29/07, Stut <[EMAIL PROTECTED]> wrote: Don't get me wrong, I don't want to discourage anyone from thinking about ways to improve it, but personally I consider this issue done to death. Well, I think the difference is that you send one key (a session identifier) and

Fwd: [PHP] Re: a question on session ID and security

2007-05-29 Thread Jared Farrish
On 5/29/07, Stut <[EMAIL PROTECTED]> wrote: Don't get me wrong, I don't want to discourage anyone from thinking about ways to improve it, but personally I consider this issue done to death. Well, I think the difference is that you send one key (a session identifier) and hash on user agent rep

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Stut
Jared Farrish wrote: On 5/29/07, Stut <[EMAIL PROTECTED]> wrote: The only part of an SSL connection that's not encrypted is the handshaking that goes on to set it up in the first place. Everything after that, the GET/POST line, headers and the body as well as the entire response is encrypted.

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Jared Farrish
On 5/29/07, Stut <[EMAIL PROTECTED]> wrote: The only part of an SSL connection that's not encrypted is the handshaking that goes on to set it up in the first place. Everything after that, the GET/POST line, headers and the body as well as the entire response is encrypted. One of these days I'

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Stut
Jared Farrish wrote: On 5/29/07, Stut <[EMAIL PROTECTED]> wrote: What utter crud. An SSL connection encrypts the whole HTTP conversation, including headers and even the URL you are requesting. The response is also encrypted. It doesn't matter whether you're doing a POST or a GET request, it's a

[PHP] Re: a question on session ID and security

2007-05-29 Thread Jared Farrish
On 5/29/07, Stut <[EMAIL PROTECTED]> wrote: What utter crud. An SSL connection encrypts the whole HTTP conversation, including headers and even the URL you are requesting. The response is also encrypted. It doesn't matter whether you're doing a POST or a GET request, it's all encrypted. The U

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Stut
Zoltán Németh wrote: On Tuesday, 2007-05-29, at 10:09, Stut wrote: Jared Farrish wrote: 1. script for login process is located on a SSL-enabled server, so usernames and passwords are encrypted. https:// is an envelope encryption, so POST data, which is a part of the packet data, not

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Zoltán Németh
On Tuesday, 2007-05-29, at 10:09, Stut wrote:
> Jared Farrish wrote:
> >> 1. script for login process is located on a SSL-enabled server, so
> >> usernames and passwords are encrypted.
> > https:// is an envelope encryption, so POST data, which is a part of the
> > packet data, not packet

Re: [PHP] Re: a question on session ID and security

2007-05-29 Thread Stut
Jared Farrish wrote: 1. script for login process is located on a SSL-enabled server, so usernames and passwords are encrypted. https:// is an envelope encryption, so POST data, which is a part of the packet data, not packet headers, is encrypted. As long as you POST or COOKIE data that needs e

[PHP] Re: a question on session ID and security

2007-05-28 Thread Jared Farrish
1. script for login process is located on a SSL-enabled server, so usernames and passwords are encrypted. https:// is an envelope encryption, so POST data, which is a part of the packet data, not packet headers, is encrypted. As long as you POST or COOKIE data that needs encryption, you're fine.

Re: [PHP] Re: A question

2005-04-16 Thread Rory Browne
On 4/16/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On 16 Apr 2005 Khorosh Irani wrote:
>
> > How I can find it in phpinfo() ?
>
> Another (simpler) approach is:

not as versatile though. php_sapi_name() is better suited to situations where you will do something differently depending on

Re: [PHP] Re: A question

2005-04-16 Thread trlists
On 16 Apr 2005 Khorosh Irani wrote: > How I can find it in phpinfo() ? Another (simpler) approach is: echo php_sapi_name(); which will return 'cli', 'cgi', etc. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: A question

2005-04-16 Thread Rory Browne
you write a script containing and only. You access that script through your web browser, and it will return a variety of useful information. Amongst it will be information labeled as SERVER API. If you are running as an apache module, Apache will appear in the box beside it. If you are using CGI,

Re: [PHP] Re: A question

2005-04-16 Thread Khorosh Irani
How I can find it in phpinfo() ? On 4/16/05, Amir Mohammad Saied <[EMAIL PROTECTED]> wrote: > phpinfo()

[PHP] Re: A question

2005-04-16 Thread Amir Mohammad Saied
phpinfo()

[PHP] Re: A question about PHP-MySQL'basic operation

2004-04-20 Thread Jason Barnett
Phplist wrote:
> php-general, hello!
>
> I've a PHP-MySQL site now.
> I've an empty database named 'dsx'.
> I'd like to create a table named 'test' and insert some data in order
> to test the database can use now.
> Can any one give me some code abou

[PHP] Re: A Question about PHP upload file

2002-08-15 Thread David Robley
In article <002a01c24474$33be4d80$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says... > If you c

[PHP] Re: A Question about PHP upload file

2002-08-15 Thread Bogdan Stancescu
http://www.php.net/manual/en/configuration.php#ini.memory-limit
http://www.php.net/manual/en/configuration.php#ini.post-max-size
http://www.php.net/manual/en/configuration.php#ini.upload-max-filesize

Mintbaggio wrote:
> Is there is a volume limited for PHP upload file
> using HTTP?
> I heard of

[PHP] Re: A question of style ...

2002-07-13 Thread Richard Lynch
> An agent goes to an interface that reveals a list of customers from a
> database. These customers have provided referrals which now reside in a
> database. The agent selects a referral which is processed by an intermediary
> script which sets a flag in the database saying that "this agent" is, ha