on 29/08/02 1:01 PM, Joseph Szobody ([EMAIL PROTECTED]) wrote:

>> But I wouldn't be relying on a remote IP for anything... they're too
>> unreliable.
> This wasn't meant to be a fool-proof security solution to begin with. None of
> these 'protected' pages contain anything real sensitive.

Yes, but you'll end up pissing off users with unnecessary error pages won't

> However... what are some good security procedures (besides an encrypted
> connection)? I'm pretty new to PHP security issues, can you point me in a
> direction?

I've got to admit that I don't spend a lot of time stewing over this stuff.
I should.  Generally, I make sure register_globals is off, and concentrate
on making sure the my session variables come from $_SESSION, my post vars
from $_POST, etc etc.

And there are probably hundreds of other little things I do automatically.

I know there's a decent article up on the subject, but I can't find them in
my bookmarks.

There is 3-part article on Zend about common mistakes:

And some stuff worth reading at:


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to