Re-authenticate and make them login again when they do something
particularly dangerous/serious/big-time.
Nothing you've listed matches the above, except maybe changing their
current password to a new one.
I suppose you could do it just to change any profile setting, but some
goofball out there w
It's a website where you can reply to news, blogs and other messages and
with a forum.
On 2/26/07, Richard Lynch <[EMAIL PROTECTED]> wrote:
On Sun, February 25, 2007 6:45 pm, Tosca wrote:
> Quote from Fahad Pervaiz <[EMAIL PROTECTED]>:
> "To ensure best security use database as well. Store IP,
On Sun, February 25, 2007 6:45 pm, Tosca wrote:
> Quote from Fahad Pervaiz <[EMAIL PROTECTED]>:
> "To ensure best security use database as well. Store IP, Session ID,
> username, login time. After every few minutes you can re authenticate the
> user against these parameters."
>
> I have a log
Quote from Fahad Pervaiz <[EMAIL PROTECTED]>:
"To ensure best security use database as well. Store IP, Session ID,
username, login time. After every few minutes you can re authenticate the
user against these parameters."
I have a login system with sessions and a database where I store session I
#ORIGINAL##
I would like your input on sessions vs cookies regarding login data like
usernames/passwords etc...
END ORIGINAL
- Main difference is that cookies are stored on the client machine and
session is maintained on server machine.
- Cookies can store information for lo
Ok guys.
I used htmlentities and everything works fine.
Thanks gang.
"João Cândido de Souza Neto" <[EMAIL PROTECTED]> wrote in
message news:[EMAIL PROTECTED]
> Hi everyone,
>
> Excuse me for the off-topic.
>
> I've been having a little trouble showing data in an HTML form.
>
> e.g.: In an e-commerce
>
>
> From the last answers I saw that someone does not understand what
> I wanted to say.
>
> My strings are always rightly escaped, but when I get it into
> an HTML form
> like it gets type="text" value="Sony 29" TV"> that is, the value of my
> input field lost
> part of the content.
>
From the last answers I saw that someone does not understand what I wanted to
say.
My strings are always rightly escaped, but when I get it into an HTML form
like it gets that is, the value of my input field lost
part of the content.
""João Cândido de Souza Neto"" <[EMAIL PROTECTED]> escreveu n
Thanks a lot for your answers, everyone.
Tomorrow I'll be back in this system and I'll test it.
"João Cândido de Souza Neto" <[EMAIL PROTECTED]> wrote in
message news:[EMAIL PROTECTED]
> Hi everyone,
>
> Excuse me for the off-topic.
>
> I've been having a little trouble showing data in an HTML form
David Dorward wrote:
Ryan A wrote:
The problem is, if she has tried to upload a pic at the same time and
screwed up on the date of birth I am unable
to send back the value of the FILE box so that too get populated... I
tried setting a VALUE="path/file" but that
does not work.
As has already
Ryan A wrote:
> The problem is, if she has tried to upload a pic at the same time and
> screwed up on the date of birth I am unable
> to send back the value of the FILE box so that too get populated... I
> tried setting a VALUE="path/file" but that
> does not work.
As has already been pointed out,
--- Boyan Nedkov <[EMAIL PROTECTED]> wrote:
> > ... Short of any severe bugs in PHP's core, there is no way for a
> > user of your Web application to modify session data ...
>
> It seems that statement is not completely correct considering the topic
> discussed in the paper 'Session Fixation Vu
Yes, you are right, it was my misunderstanding, sorry guys.
Anyway, hope that posting was useful concerning the subject
of the discussion.
Boyan
--
CPT John W. Holmes wrote:
From: "Boyan Nedkov" <[EMAIL PROTECTED]>
[snip]
> ... Short of any severe bugs in PHP's core, there is no way for a
> use
From: "Boyan Nedkov" <[EMAIL PROTECTED]>
> [snip]
> > ... Short of any severe bugs in PHP's core, there is no way for a
> > user of your Web application to modify session data ...
> [/snip]
>
> It seems that statement is not completely correct considering the topic
> discussed in the paper 'Sess
[snip]
> ... Short of any severe bugs in PHP's core, there is no way for a
> user of your Web application to modify session data ...
[/snip]
It seems that statement is not completely correct considering the topic
discussed in the paper 'Session Fixation Vulnerability in Web-based
Applications'
On Thursday 06 November 2003 13:36, Chris Shiflett wrote:
> For example, if you store your sessions in a database, it's pretty trivial
> for another user to write a PHP script that allows him/her to navigate the
> filesystem, searching for your database access credentials. After all, if
> Apache/P
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> Pablo Gosse wrote:
>
> > As to your last point, can something else change the session vars
> > other than my php scripts, answers to that question are exactly what
> > I'm looking for.
>
> Other PHP scripts on the same server (doesn't have to be s
--- Pablo Gosse <[EMAIL PROTECTED]> wrote:
> In all honesty I don't know enough about how one would go about
> attempting to hack the values of a session other than through hacking
> into the session files, so if anyone has any input on this please pass
> it along.
Well, you basically hit the nail
Pablo Gosse wrote:
As to your last point, can something else change the session vars other
than my php scripts, answers to that question are exactly what I'm
looking for.
Other PHP scripts on the same server (doesn't have to be same domain)
and most anything that can access the filesystem could m
On Wednesday, November 05, 2003 5:43 PM, Lang wrote:
/*---*/
1. Have register_globals set to off in your php.ini
and
2. Check the values before you put them in the session.
You should be ok.
ie. if you just go
$_SESSION['g_id'] = $_GET['g_id']
on one page, then you stil
As long as you...
1. Have register_globals set to off in your php.ini
and
2. Check the values before you put them in the session.
You should be ok.
ie. if you just go
$_SESSION['g_id'] = $_GET['g_id']
on one page, then you still have the same security risks as using just
$_GET.
If you are slight
I thought you could, but actually I don't think you can ... however there is
this little hack I just came up with.
FORM Example
Code for redirect.php
I hope you are familiar enough with PHP to understand the above. Basically
depending on what Page variable was passed from the submit button, t
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Hi,
>
> I am designing a PHP program running on Linux. I would like to know, can I
> design a program by adding a parameter after the file name?
>
> Just like the following, "adding.php" is the filename and "123" ,"456" is
> the data which
> The W3C HTML 4x spec(s) say that when using the file type on a form
> input element, "User agents may use the value of the value attribute
> as the initial file name."
They *MAY* use it? As in, if they feel like it?...
W3C has a lot of specs that have nothing to do with what the browsers have