on 29/08/02 1:01 PM, Joseph Szobody ([EMAIL PROTECTED]) wrote:

>> But I wouldn't be relying on a remote IP for anything... they're too
>> unreliable.
>
> This wasn't meant to be a fool-proof security solution to begin with. None of
> these 'protected' pages contain anything real sensitive.

Yes, but you'll end up pissing off users with unnecessary error pages, won't you?

> However... what are some good security procedures (besides an encrypted
> connection)? I'm pretty new to PHP security issues, can you point me in a
> direction?

I've got to admit that I don't spend a lot of time stewing over this stuff. I should.

Generally, I make sure register_globals is off, and concentrate on making sure my session variables come from $_SESSION, my post vars from $_POST, etc etc. And there are probably hundreds of other little things I do automatically.

I know there's a decent article up on the subject, but I can't find them in my bookmarks.

There is a 3-part article on Zend about common mistakes:
http://www.zend.com/zend/art/

And some stuff worth reading at:
http://www.phpadvisory.com/

Justin

--
PHP General Mailing List (http://www.php.net/)
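
The register_globals advice in the message above, as an added example that is not part of the original post: a page check written the legacy way beside one that reads state only from the array it belongs to. `extract()` stands in for register_globals=On (an assumption, so the code behaves the same on current PHP), plain arrays stand in for `$_GET` and `$_SESSION`, and the function names and request data are constructed.

```php
<?php
// Added illustration; function names and sample data are constructed.

// Legacy style: relies on request parameters appearing as plain variables.
function legacy_page(array $get, array $session): string
{
    // Simulates register_globals=On: every request parameter is imported
    // as a local variable before the page logic runs.
    extract($get);

    if (isset($session['user']) && $session['user'] === 'admin') {
        $authorized = true;
    }

    // $authorized is never initialised on the "not logged in" path, so a
    // request parameter of the same name decides the outcome.
    return !empty($authorized) ? 'admin page' : 'denied';
}

// Strict style: session state comes only from the session array,
// request data only from the request array.
function strict_page(array $get, array $session): string
{
    $authorized = isset($session['user']) && $session['user'] === 'admin';

    // Request input is still available, but only through its own array.
    $section = isset($get['section']) ? (string) $get['section'] : 'home';

    return $authorized ? "admin page ($section)" : 'denied';
}

// Constructed input: query string "?authorized=1", nobody logged in.
$get     = ['authorized' => '1'];
$session = [];

echo 'legacy: ', legacy_page($get, $session), "\n";
echo 'strict: ', strict_page($get, $session), "\n";

// Constructed input: a logged-in admin, no query string tricks.
echo 'strict, logged in: ',
     strict_page(['section' => 'reports'], ['user' => 'admin']), "\n";
```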