I have pages that uses session for security that looks something like this:
<?php
session_start();
if( !isset($uid) )
{
include("include/auth.inc.php");
auth_user();
}
more code...
?>
so $uid tells me if the user is logged on or not...
but what if somebody calls the script directly from the address bar like
this: http://server/script.php?uid=10
wouldn't this be a security problem?
____________________________
. Christian Dechery (lemming)
. http://www.tanamesa.com.br
. Gaita-L Owner / Web Developer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
