On 6/27/06, Sam <[EMAIL PROTECTED]> wrote: > Yes, preferably using the .HTACCESS file. I am already given the > source code, which is mostly PHP files. This is a database driven > website, developed by a vendor. I just want more security by not > exposing the internal URLs.
That's security through obscurity. You won't be making it more secure by not exposing the internal URLs in the address bar. In case you use frames, a user looks at the source of the frameset and he will see the full URL to the visible frame. If you decide to use some rewriting, you'll just be changing the way the parameters are passed. I mean, instead of calling: http://example.org/article.php?id=10 you'll be calling: http://example.org/article/10 Of course, the second might seem more "clean", but is in no way more secure than the first. After all, you'll end up having the same $_GET['id'] to play in your code, no matter how it is called. -- Bruno Lustosa <[EMAIL PROTECTED]> ZCE - Zend Certified Engineer - PHP! http://www.lustosa.net/ ------------------------ Yahoo! Groups Sponsor --------------------~--> See what's inside the new Yahoo! Groups email. http://us.click.yahoo.com/2pRQfA/bOaOAA/yQLSAA/HKFolB/TM --------------------------------------------------------------------~-> Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
