--- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> $_SESSION['userid'] = $userid;
> $_SESSION['userpassword'] = $userpassword;
[snip]
> Anything look wrong or insecure with all of this?
The only thing that catches my attention is your assignments for
$_SESSION['userid'] and $_SESSION['userpassword']. I assume you are performing
some strict data validation on $userid and $userpassword before this
assignment, right? If not, this presents a significant risk, because $_SESSION
is a trusted array (it comes from the server, not the client).
Hope that helps.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
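
One way to perform the validation the reply asks about, shown as an added example that is not code from the thread or from either poster. The `$_POST` source, the helper names `validate_userid()` and `validate_password()`, and the format rules are assumptions made for illustration.

```php
<?php
// Added example: validate client-supplied values before they enter $_SESSION,
// so that everything later read from the session can be treated as trusted.
// The input source ($_POST) and the format rules are assumptions.

/** Return the user ID if it matches the allowlist pattern, otherwise null. */
function validate_userid($raw): ?string
{
    // Reject arrays (e.g. userid[]=x) and any other non-string input.
    if (!is_string($raw)) {
        return null;
    }
    // Assumed rule: 3-32 characters, letters, digits and underscore only.
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) === 1 ? $raw : null;
}

/** Return the password if it passes basic shape checks, otherwise null. */
function validate_password($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    // Assumed rule: 8-72 bytes and no control characters (NUL, CR, LF, ...).
    $len = strlen($raw);
    if ($len < 8 || $len > 72 || preg_match('/[\x00-\x1F\x7F]/', $raw) === 1) {
        return null;
    }
    return $raw;
}

session_start();

$userid       = validate_userid($_POST['userid'] ?? null);
$userpassword = validate_password($_POST['userpassword'] ?? null);

if ($userid === null || $userpassword === null) {
    // Nothing unvalidated is ever written to the session.
    http_response_code(400);
    exit('Invalid input.');
}

// Same assignments as in the quoted code, now made only with validated data.
$_SESSION['userid']       = $userid;
$_SESSION['userpassword'] = $userpassword;
```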