I have made a file wich start a session and set a session variable if user and pass are verifyed. Than I use the session variable to protect all other userfiles.
To run the file I enter: http://myserver.com/start.php3?user=xxxxx&pass=yyyyyy What is the differans using SSL and enter the same url? If a hacker sniff the ssl-string can he send that string and start the file anyway? -- Regards, Jan Grafström Sweden -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php