Re: [PHP] Securing AJAX requests with PHP?

2008-10-21 Thread Yeti
True, but then my permission / auth / workflow schema defines all that. The user won't like have that permission, the request will be logged and nothing is ever deleted from the app in any case since I only allow soft (record level flag) deletes to ensure data integrity. I agree with Bastien

Re: [PHP] Securing AJAX requests with PHP?

2008-10-21 Thread Eric Butera
On Tue, Oct 21, 2008 at 5:12 AM, Yeti [EMAIL PROTECTED] wrote: True, but then my permission / auth / workflow schema defines all that. The user won't like have that permission, the request will be logged and nothing is ever deleted from the app in any case since I only allow soft (record level

Re: [PHP] Securing AJAX requests with PHP?

2008-10-19 Thread Bastien Koert
On Sat, Oct 18, 2008 at 11:28 AM, Jay Moore [EMAIL PROTECTED] wrote: Yeti wrote: Ok, but how safe are tokens? Thinking of man-in-the-middle attacks, they do not make much sense, do they? That's what I was thinking too. If I'm deleting an entry from a database with AJAX, I don't want

Re: [PHP] Securing AJAX requests with PHP?

2008-10-18 Thread Bastien Koert
On Fri, Oct 17, 2008 at 7:14 PM, Yeti [EMAIL PROTECTED] wrote: but who's counting :-)) Someone is for sure. Maybe the scheduler? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Security is a mindset and if your data is not that

Re: [PHP] Securing AJAX requests with PHP?

2008-10-18 Thread Yeti
Ok, but how safe are tokens? Thinking of man-in-the-middle attacks, they do not make much sense, do they?

Re: [PHP] Securing AJAX requests with PHP?

2008-10-18 Thread Jay Moore
Yeti wrote: Ok, but how safe are tokens? Thinking of man-in-the-middle attacks, they do not make much sense, do they? That's what I was thinking too. If I'm deleting an entry from a database with AJAX, I don't want someone looking at my JavaScript and saying, Hmm, all I need to do is pass

[PHP] Securing AJAX requests with PHP?

2008-10-17 Thread Jay Moore
I realize this isn't really about PHP, but I was hoping maybe someone had a way to make AJAX a little bit more secure using PHP. I was thinking of making my AJAX calls also pass the current session id, and have my PHP script check to make sure it's a valid id, but I'm open to other ideas.

Re: [PHP] Securing AJAX requests with PHP?

2008-10-17 Thread Bastien Koert
On Fri, Oct 17, 2008 at 3:08 PM, Jay Moore [EMAIL PROTECTED] wrote: I realize this isn't really about PHP, but I was hoping maybe someone had a way to make AJAX a little bit more secure using PHP. I was thinking of making my AJAX calls also pass the current session id, and have my PHP script

Re: [PHP] Securing AJAX requests with PHP?

2008-10-17 Thread Jochem Maas
Jay Moore wrote: I realize this isn't really about PHP, but I was hoping maybe someone had a way to make AJAX a little bit more secure using PHP. I was thinking of making my AJAX calls also pass the current session id, the browser should still send the session cookie for async requests. so

Re: [PHP] Securing AJAX requests with PHP?

2008-10-17 Thread Yeti
but who's counting :-)) Someone is for sure. Maybe the scheduler?