On Thu, May 30, 2002 at 11:46:29PM -0400, Justin Blake wrote:
> I will soon be developing a user authentication system with different
> access levels. I will need to check the users against a mysql
> database. How secure is checking for a session var, and then
> redirecting with header('Location:...') ? Is there a way to get around
> this method of protection?
I'm no expert on this but I don't think session in PHP them selves have
any security embedded in it by them selves, you could just try to do a
bruteforce attack on sessionIDs (good luck :).
But what you yourself could do is keep track of eg. the IP adress of the
user and check if it doesn't change... if it does then maybe someone is
trying something fishy.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php