--- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> $_SESSION['userid'] = $userid;
> $_SESSION['userpassword'] = $userpassword;
[snip]
> Anything look wrong or insecure with all of this?

The only thing that catches my attention is your assignments for $_SESSION['userid'] and $_SESSION['userpassword']. I assume you are performing some strict data validation on $userid and $userpassword before this assignment, right? If not, this presents a significant risk, because $_SESSION is a trusted array (it comes from the server, not the client).

Hope that helps.

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp
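
Added example, not part of the message above or of the original poster's code: one way to perform the validation the reply asks about, so that only checked values are ever written to $_SESSION. The function names, the numeric user id format and the password length bounds are assumptions made for illustration.

```php
<?php
// Added example. Function names and format rules are assumptions,
// not taken from the thread.

/** Return the id as an int if it is a short, positive, all-digit string; else null. */
function clean_userid($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Return the password unchanged if it is a string of sane length; else null. */
function clean_password($raw): ?string
{
    if (!is_string($raw)) {
        return null; // rejects arrays such as userpassword[]=x
    }
    $len = strlen($raw);
    if ($len < 8 || $len > 128 || strpos($raw, "\0") !== false) {
        return null;
    }
    return $raw;
}

/** Copy request values into the session only after both pass validation. */
function store_login(array $request, array &$session): bool
{
    $userid = clean_userid($request['userid'] ?? null);
    $userpassword = clean_password($request['userpassword'] ?? null);
    if ($userid === null || $userpassword === null) {
        return false; // nothing unvalidated reaches the trusted array
    }
    $session['userid'] = $userid;
    $session['userpassword'] = $userpassword;
    return true;
}

// Constructed sample inputs: the first is accepted, the second is rejected
// and leaves the session array untouched.
$session = [];
var_dump(store_login(['userid' => '42', 'userpassword' => 'correct horse'], $session));
var_dump(store_login(['userid' => "42' OR '1'='1", 'userpassword' => 'correct horse'], $session));
```

In a real page the call would be store_login($_POST, $_SESSION) after session_start(); code that later reads $_SESSION['userid'] can then rely on it being an integer.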