I have pages that uses session for security that looks something like this:


        if( !isset($uid) )

        more code...

so $uid tells me if the user is logged on or not...

but what if somebody calls the script directly from the address bar like 
this: http://server/script.php?uid=10

wouldn't this be a security problem?
. Christian Dechery (lemming)
. http://www.tanamesa.com.br
. Gaita-L Owner / Web Developer

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to