Hi,
Didn't know this was the army :-)

First, unless you got your variable ordering (POST, GET, Env, Session etc.), the values in the session can be easily overridden with a simple old query string. Sure would hate to have my username and password passed along to each page. Remember that when you are using cookies the data actually gets transferred between the client and the server.

best regards

CPT John W. Holmes wrote:

From: <[EMAIL PROTECTED]>


Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'.



Please explain how you've come to this conclusion...


---John Holmes...




--
http://www.raditha.com/php/progress.php
A progress bar for PHP file uploads.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
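
An added example, not part of either poster's message: it models the variable-ordering point raised in this thread, with a request value and a session value competing for one shared name, next to an explicit session lookup. `merge_sources`, `session_user` and `show` are hypothetical helpers, the merge is a simplified model of a shared variable namespace rather than PHP's own register_globals code, and the sample values are constructed.

```php
<?php
// Added example: simplified model of a shared variable namespace.
// This is not PHP's own register_globals implementation.

// Merge input sources in the given order; a later source overwrites an
// earlier one, so the ordering decides which value the script sees.
function merge_sources(array $sources, array $order): array
{
    $merged = [];
    foreach ($order as $name) {
        foreach ($sources[$name] ?? [] as $key => $value) {
            $merged[$key] = $value;
        }
    }
    return $merged;
}

// Explicit lookup: identity is read from server-side session data only.
function session_user(array $session): ?string
{
    $user = $session['username'] ?? null;
    return (is_string($user) && $user !== '') ? $user : null;
}

function show(string $label, ?string $value): void
{
    echo str_pad($label, 34), var_export($value, true), PHP_EOL;
}

// Constructed sample input: no login yet, but the query string names a user.
$sources = [
    'GET'     => ['username' => 'admin'],
    'POST'    => [],
    'COOKIE'  => [],
    'SESSION' => [],
];
$sessionLast = ['GET', 'POST', 'COOKIE', 'SESSION'];
$requestLast = ['SESSION', 'COOKIE', 'POST', 'GET'];

// Empty session: the request value fills the gap whatever the ordering.
show('shared, not logged in:', merge_sources($sources, $sessionLast)['username'] ?? null);
show('explicit, not logged in:', session_user($sources['SESSION']));

// Logged-in session: in the shared namespace the outcome depends on ordering.
$sources['SESSION'] = ['username' => 'alice'];
show('shared, session merged last:', merge_sources($sources, $sessionLast)['username'] ?? null);
show('shared, request merged last:', merge_sources($sources, $requestLast)['username'] ?? null);
show('explicit, logged in:', session_user($sources['SESSION']));
```

In a real script the explicit form is `session_user($_SESSION)` after `session_start()`, which never consults request input.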


