There is no real way to stop this (assuming no authentication mechanism). HTTP_REFERER is not a proper way to check since i.e. AOL use proxy servers for their subs. In that case, the referer is set to the proxy (or nothing at all).

Sessions don't work either, since anyone can use curl w/ cookies and fake out any session stuff (i.e. script an attack to POST bogus information to your app). This is assuming that none of your pages use some sort of authentication mechanism that requires a valid login. If you do have an auth mechanism, then just make sure to protect the pages that receive POSTs.

In general: it's best to protect CRUDing sensitive information w/ credentials.

--Eric

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Brandonisio
Sent: Wednesday, June 28, 2006 2:02 PM
To: [email protected]
Subject: Re: [php_mysql] Re: Protecting my database...

Hi,

No, not difficult. Just add:

session_start();

at the very top of all scripts or any script you want to have access to session variables. Then you can use variables like:

$_SESSION['var']

on any page and they are available, once set, from script to script.

Sincerely,
Mike
--
Mike Brandonisio * Web Hosting
Tech One Illustration * Internet Marketing
tel (630) 759-9283 * e-Commerce
[EMAIL PROTECTED] * http://www.jikometrix.net

JIKOmetrix - Reliable web hosting

On Jun 28, 2006, at 2:12 PM, J Siegel wrote:

>> I like to create session variables and test for them:
>>
>> if (isset($_SESSION['flag'])){
>>     //do stuff
>> } else {
>>     //redirect to home page
>> }
>>
>> Only your php scripts would know what variable to set.
>>
>
> That is exactly the kind of thing I'm interested in. I've never used
> session variables. Is there any trick to them? Don't they "live" for
> a certain period of time? Would that allow someone to access my site
> and then access my php script on their own afterwards?
>
> Thanks for your suggestion.
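The points raised in this thread (a session flag on its own proves nothing, sessions live for a limited time, and scripts that receive POSTs need real credentials behind them) shown as an added example that is not part of any message above. The names `session_is_valid()`, `mark_logged_in()`, `require_login()`, `user_id`, `last_seen` and `IDLE_LIMIT` are assumptions made for illustration, as is the 15-minute idle limit.

```php
<?php
// Added example, not code from the thread. All names below are assumptions.
const IDLE_LIMIT = 900; // seconds of inactivity before a login expires

// Pure decision function, so the rule can be checked without a web server.
function session_is_valid(array $session, int $now): bool
{
    // A bare flag only proves some script ran; require an identity that was
    // stored after credentials were checked.
    if (empty($session['user_id'])) {
        return false;
    }
    // Enforce the idle timeout server-side, not via the cookie lifetime.
    return isset($session['last_seen'])
        && ($now - (int) $session['last_seen']) <= IDLE_LIMIT;
}

// Called by the login script (session already started) after the password check.
function mark_logged_in(int $userId): void
{
    session_regenerate_id(true); // drop the pre-login session id
    $_SESSION['user_id'] = $userId;
    $_SESSION['last_seen'] = time();
}

// Call first in every script that receives a POST.
function require_login(): void
{
    session_start();
    if (!session_is_valid($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit('Login required');
    }
    $_SESSION['last_seen'] = time();
}

// Constructed sample sessions, evaluated only when run from the command line.
if (PHP_SAPI === 'cli') {
    $now = 1151521320; // constructed timestamp
    $samples = [
        'flag only' => ['flag' => 1],
        'logged in, active' => ['user_id' => 7, 'last_seen' => $now - 60],
        'logged in, idle too long' => ['user_id' => 7, 'last_seen' => $now - 3600],
    ];
    foreach ($samples as $label => $session) {
        printf("%-26s %s\n", $label, session_is_valid($session, $now) ? 'allow' : 'deny');
    }
}
```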
