jan gestre wrote:
our website, it is actually a jobsite running LAMP on redhat enterprise edition currently has some issues, applicants who's currently logged in can browse and go to other applicants page by just changing any digit on the url. how can i correct these serious issues? by directly editing the php codes? enabling mod_rewrite? if by enabling mod_rewrite, how will i enable the module without recompiling apache on our redhat box?
The problem is with the design of the system, not with the URL. Even if someone changes the URL, the code should always verify that the logged-in user has access to the information corresponding to that ID. (isnt this OT? how about redirecting the question to a php mailing list?) HTH moogs _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
