Oh yeah. My bad. I forgot. I changed my directives to be smarter than
that ;-)

http://www.php.net/manual/en/configuration.directives.php

Yes, the person is passing it in, but it will get overridden by the
session and mooted out.

> -----Original Message-----
> From: Leif K-Brooks [mailto:eurleif@;buyer-brokerage.com] 
> Sent: Monday, October 28, 2002 9:08 PM
> To: Daevid Vincent
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] The Ethics and Access of Login
> 
> 
> That's a HUGE security flaw!  Anyone could send that in a GPC value and
> get unauthorized access!  USE $_SESSION['login'] INSTEAD!!!
> 
> Daevid Vincent wrote
> 
> >Then at the top of each page, just check if they're logged in or not.
> >  if( !$login ) { Header("Location: ".$LOGINPAGE."\n\n"); exit; }
> >  
> >
> 
> -- 
> The above message is encrypted with double rot13 encoding.  
> Any unauthorized attempt to decrypt it will be prosecuted to 
> the full extent of the law.
> 
> 
> 


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
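
Added example (not part of the original thread, and not PHP's own implementation): a simplified PHP model of the `register_globals = On` behaviour discussed above, comparing the quoted `$login` check with one that reads only `$_SESSION['login']`. The function names and sample requests are constructed for illustration; the import order (GET, POST, cookie, then any session variables that exist) is an assumption of the model.

```php
<?php
// Simplified model of register_globals=On (the directive was removed in PHP 5.4).
// Request values become globals in G, P, C order; session variables that
// actually exist are then restored on top. All inputs are constructed samples.
function import_globals(array $get, array $post, array $cookie, array $session): array
{
    $globals = [];
    foreach ([$get, $post, $cookie] as $source) {   // later source wins
        foreach ($source as $name => $value) {
            $globals[$name] = $value;
        }
    }
    foreach ($session as $name => $value) {         // overrides only names the session holds
        $globals[$name] = $value;
    }
    return $globals;
}

// The check from the quoted message: trusts whatever ended up in $login.
function legacy_is_logged_in(array $globals): bool
{
    return !empty($globals['login']);
}

// The check recommended in the reply: reads only server-side session state.
function session_is_logged_in(array $session): bool
{
    return !empty($session['login']);
}

// label => [GET parameters, session contents]
$cases = [
    'anonymous, no parameters'     => [[], []],
    'anonymous, ?login=1 in URL'   => [['login' => '1'], []],
    'authenticated session'        => [[], ['login' => true]],
    'logged-out session, ?login=1' => [['login' => '1'], ['login' => false]],
];

foreach ($cases as $label => [$get, $session]) {
    $globals = import_globals($get, [], [], $session);
    printf("%-30s legacy=%-5s session=%s\n",
        $label,
        var_export(legacy_is_logged_in($globals), true),
        var_export(session_is_logged_in($session), true));
}
```

The two checks disagree only in the second case, where the session holds no `login` entry and so nothing overrides the request-supplied value.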
