Jan,

And also, if these are PHP forms, you can also validate whether
the pages are called by the originating forms.

e.g.:

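<?php
      // Stop unless the request carries the originating form's submit field.
      // $_REQUEST is used because a bare $submit is only populated when
      // register_globals is enabled.
      if (!isset($_REQUEST['submit']) || $_REQUEST['submit'] != "submit")
      {
      echo "<a href=\"http://www.f00.org/login.php\"><h2>Cheater!!</h2></a>";
      exit;
      }
?>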

something like that.


regards,

Kenneth P. Oncinian
Panasonic Communications Philippines Corporation
Information Systems Division - Network and Infrastructure Department
--
PGP Public Key: http://m.1asphost.com/koncinian/koncinian.gnupg.key



Paolo Alexis Falcone wrote:
> On Monday 17 April 2006 12:21, jan gestre wrote:
>> Our website, which is actually a job site running LAMP on Red Hat Enterprise
>> edition, currently has some issues: applicants who are currently logged in can
>> browse and go to other applicants' pages by just changing any digit in the
>> URL. How can I correct these serious issues? By directly editing the PHP
>> code? Enabling mod_rewrite? If by enabling mod_rewrite, how will I enable
>> the module without recompiling Apache on our Red Hat box?
>> Your input will be greatly appreciated.
>
> Instead of using HTTP GET, try using the HTTP POST method in your PHP code
> when you do form submissions.
>
>
> ----------------------------------------------------------------------
>
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> [email protected] (#PLUG @ irc.free.net.ph)
> Read the Guidelines: http://linux.org.ph/lists
> Searchable Archives: http://archives.free.net.ph

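
For the problem in the quoted question (a logged-in applicant reaching other applicants' pages by changing a digit in the URL), the id in the request has to be checked on the server against the identity stored in the session at login, since the method and form fields of a request are both set by the client. An added example of that check, not code from this thread; the `applicants` table, the `applicant_id` session key, the `id` query parameter and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for the job site's applicants table (constructed data).
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE applicants (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO applicants VALUES (101, 'Applicant A'), (102, 'Applicant B')");
    return $db;
}

// Returns [HTTP status, row or null]. The id from the URL is untrusted input;
// the id placed in the server-side session at login is the trusted identity.
function view_applicant(PDO $db, array $session, array $query): array {
    if (!isset($session['applicant_id'])) {
        return [401, null];                 // not logged in
    }
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];                 // missing, non-numeric or < 1
    }
    $owner = (int) $session['applicant_id'];
    if ($id !== $owner) {
        return [403, null];                 // another applicant's record
    }
    // Bind the session's id, not the URL's, so the query stays scoped to the
    // logged-in applicant even if the comparison above is later changed.
    $stmt = $db->prepare('SELECT id, name FROM applicants WHERE id = :owner');
    $stmt->execute([':owner' => $owner]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? [404, null] : [200, $row];
}

// Demo: applicant 101 is logged in and requests three different ids.
$db = demo_db();
$session = ['applicant_id' => 101];         // constructed session contents
foreach (['101', '102', 'abc'] as $urlId) {
    [$status, $row] = view_applicant($db, $session, ['id' => $urlId]);
    echo "id=$urlId -> $status ", $row ? $row['name'] : '-', "\n";
}
```

In a real page the call would be `view_applicant($db, $_SESSION, $_GET)` after `session_start()`, with the returned status passed to `http_response_code()` before any output.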