So now the hacker has to guess 'whatever' and 'whatever', right? Why not
just use uniqid() and md5() to create a truly random unique id, so
there's no chance of "guessing right"...
> -----Original Message-----
> From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 01, 2002 10:55 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] Making field concat of autoincrement column and
> other values?
> I'm trying to make a customised session system (I could use PHP's
> built-in one, but I need a lot more control than it offers). I could
> use the autoincremented id in a cookie, but it would be easy for a
> hacker to change the cookie to gain access to others' data.
> John W. Holmes wrote:
> >>I could concat when selecting, but it will be used in the where
> >>(it is necessary to do it like this, I'm also md5ing it but forgot to
> >>mention that), and I'm guessing it would be bad for the server
> >>to concat and md5 in the where clause.
> >Yeah, I guess so. This all begs the question though of why you're
> >doing all of this in the first place...
> >---John Holmes...
> The above message is encrypted with double rot13 encoding. Any
> unauthorized attempt to decrypt it will be prosecuted to the full
> extent of the law.
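An added example, not code from anyone in this thread: the cookie-to-session lookup discussed above, with the hash computed in PHP so the WHERE clause stays a plain indexed comparison. Because uniqid() is derived from the current time, the token here comes from random_bytes() (PHP 7+) instead. The `sessions` table, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the cookie token itself is never stored, only its SHA-256 hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (
    token_hash TEXT PRIMARY KEY,
    user_id    INTEGER NOT NULL,
    expires_at INTEGER NOT NULL
)');

function create_session(PDO $db, int $userId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;                        // this value goes into the cookie
}

function lookup_session(PDO $db, string $cookieValue): ?int
{
    // Reject anything that is not 64 lowercase hex characters before touching the DB.
    if (preg_match('/\A[0-9a-f]{64}\z/', $cookieValue) !== 1) {
        return null;
    }
    // Hashing happens in PHP, so the database only does a primary-key lookup.
    $stmt = $db->prepare(
        'SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([hash('sha256', $cookieValue), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Constructed sample data: user id 42 and two cookie values that should not resolve.
$token = create_session($db, 42);
var_dump(lookup_session($db, $token));               // the session owner
var_dump(lookup_session($db, '43'));                 // id-style cookie edited by hand
var_dump(lookup_session($db, str_repeat('0', 64)));  // well-formed but unknown token
```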