But the advantage of checking user agents would be that they'd either have
to write a new flash script, or manually post to the form via sockets, as
using I.E. to go to game.php?winner=me wouldn't work.

/* Chris Lambert, CTO - [EMAIL PROTECTED]
WhiteCrown Networks - More Than White Hats
Web Application Security - www.whitecrown.net
*/

----- Original Message -----
From: py <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 10, 2001 9:04 AM
Subject: Re: [PHP] security


| But remember that once a user has accessed the .swf once, they can then
| get the path and call the file directly afterwards. Even worse, the .swf is
| in the computer's cache.
|
| py
| ----- Original Message -----
| From: Chris Lambert - WhiteCrown Networks <[EMAIL PROTECTED]>
| To: AVisioN:::nomoremedia::: <[EMAIL PROTECTED]>
| Cc: <[EMAIL PROTECTED]>
| Sent: Tuesday, July 10, 2001 5:30 PM
| Subject: Re: [PHP] security
|
|
| > Check what the user agent is for the SWF, and see if it passes a specific
| > referer. That should deter 99% of attempts.
| >
| > /* Chris Lambert, CTO - [EMAIL PROTECTED]
| > WhiteCrown Networks - More Than White Hats
| > Web Application Security - www.whitecrown.net
| > */
| >
| > ----- Original Message -----
| > From: AVisioN:::nomoremedia::: <[EMAIL PROTECTED]>
| > To: <[EMAIL PROTECTED]>
| > Sent: Tuesday, July 10, 2001 12:08 PM
| > Subject: [PHP] security
| >
| >
| > | Is it possible to restrict the use of a php-file to a special file (for
| > | example an swf).
| > |
| > |
| > | --
| > | ---::::: AVisioN :::::---
| > | http://www.nomoremedia.de
| > | -::[EMAIL PROTECTED]::-
| > |
| > | "I have nothing to declare except my genius"._oscar_wild
| > |
| > |
| > |
| > | --
| > | PHP General Mailing List (http://www.php.net/)
| > | To unsubscribe, e-mail: [EMAIL PROTECTED]
| > | For additional commands, e-mail: [EMAIL PROTECTED]
| > | To contact the list administrators, e-mail: [EMAIL PROTECTED]
| > |
| > |
| > |
| >
| >
| >
|
|
|
|
|
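
The header check suggested in this thread, written out as an added example (not code from any of the posters). The function name is hypothetical, and the expected User-Agent substring and Referer are assumed placeholder values to be replaced with whatever your own .swf is observed to send. The constructed sample requests show which cases the check stops and which it does not.

```php
<?php
// Added example. EXPECTED_* are assumed placeholders: log the headers your
// own .swf really sends and substitute them here.
const EXPECTED_AGENT_PART = 'Shockwave Flash';                  // assumed value
const EXPECTED_REFERER    = 'http://www.example.com/game.swf';  // assumed value

/**
 * True when the request headers match what the .swf is expected to send.
 * $server has the same shape as $_SERVER.
 */
function looks_like_swf_request(array $server): bool
{
    $agent   = $server['HTTP_USER_AGENT'] ?? '';
    $referer = $server['HTTP_REFERER'] ?? '';

    // Both values are request headers, so whoever builds the request
    // chooses them. This filters casual attempts; it does not authenticate.
    return strpos($agent, EXPECTED_AGENT_PART) !== false
        && $referer === EXPECTED_REFERER;
}

// Constructed sample requests (not captured traffic).
$samples = [
    'browser opening game.php?winner=me' => [
        'HTTP_USER_AGENT' => 'Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)',
    ],
    'request made by the .swf' => [
        'HTTP_USER_AGENT' => 'Shockwave Flash',
        'HTTP_REFERER'    => 'http://www.example.com/game.swf',
    ],
    'hand-built request copying both headers' => [
        'HTTP_USER_AGENT' => 'Shockwave Flash',
        'HTTP_REFERER'    => 'http://www.example.com/game.swf',
    ],
];

foreach ($samples as $label => $server) {
    $verdict = looks_like_swf_request($server) ? 'accepted' : 'rejected';
    printf("%-42s %s\n", $label, $verdict);
}

// In game.php the same function would gate the script:
//   if (!looks_like_swf_request($_SERVER)) { http_response_code(403); exit; }
```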

