On Wednesday 22 October 2003 08:47, Chris W. Parker wrote:
> on Tuesday, October 21, 2003 5:30 PM said:
> > Not a good method. If I get on your site and see my cookie has the
> > value 241757219 in it, I just need to subtract one from the number
> > and revisit your site. Now I'm the user who registered before me.
> > Using the rand() or uniqid() method above means I have to guess an
> > entire random number / character sequence, which is going to be
> > harder (or nearly impossible).
>
> But that would require that you register immediately after the person
> before you. Then you could compare the two numbers and figure out what
> the base number is, but that seems REALLY unlikely.

If I understand the original proposition correctly it doesn't really matter. You just make up some 'random' ids around the range of your own and you'll get to login as someone else.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

-- 
PHP General Mailing List (http://www.php.net/)
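
The contrast argued over in this thread, as an added example that is not part of the original messages: a cookie holding a sequential id next to one holding an unguessable token that the server stores only as a hash. It uses random_bytes() (PHP 7+) instead of the rand()/uniqid() named in the thread, since neither of those is a cryptographically secure source; the function names, the in-memory arrays and the sample accounts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Weak scheme from the thread: the cookie value is the account's sequential id.
function lookupBySequentialId(array $users, int $cookieValue): ?string
{
    return $users[$cookieValue] ?? null;
}

// Hardened scheme: the cookie carries 128 random bits and the server keeps
// only the SHA-256 of it, so a leaked session table does not reveal cookies.
function issueToken(array &$sessions, string $username): string
{
    $token = bin2hex(random_bytes(16));            // CSPRNG output, 32 hex chars
    $sessions[hash('sha256', $token)] = $username;
    return $token;                                 // value to place in the cookie
}

function lookupByToken(array $sessions, string $cookieValue): ?string
{
    // Reject anything that is not exactly 32 lowercase hex characters.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $cookieValue)) {
        return null;
    }
    $digest = hash('sha256', $cookieValue);
    foreach ($sessions as $stored => $username) {
        if (hash_equals((string) $stored, $digest)) {  // constant-time compare
            return $username;
        }
    }
    return null;
}

// Constructed sample data (in-memory stand-ins for a user and session table).
$users    = [241757218 => 'alice', 241757219 => 'bob'];
$sessions = [];
$bobToken = issueToken($sessions, 'bob');
issueToken($sessions, 'alice');

// Sequential id: the value one below bob's belongs to another account.
var_dump(lookupBySequentialId($users, 241757219 - 1));

// Random token: bob's own token resolves, a value differing in one digit does not
// map to any session, because valid tokens are not near each other.
$neighbour = substr($bobToken, 0, 31) . ($bobToken[31] === '0' ? '1' : '0');
var_dump(lookupByToken($sessions, $bobToken));
var_dump(lookupByToken($sessions, $neighbour));
```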