On Thu, May 10, 2007 10:18 pm, Daevid Vincent wrote:
Like most sites, someone needs to join up to use mine.
Errr.
To be pedantic, I don't think most sites require registration,
actually... :-)
I'm not saying it's bad or anything, just that there's still way
more HTML pages out there with free
On Fri, May 11, 2007 9:59 pm, [EMAIL PROTECTED] wrote:
Set ajaxObject.setRequestHeader('User-Agent', 'SecretName'); in
JavaScript and check for it in PHP. Not fool-proof, but the average
person wouldn't be able to get in.
Unless the user does View Source and reads your AJAX code...
This is not going to
Richard Lynch wrote:
On Fri, May 11, 2007 9:59 pm, [EMAIL PROTECTED] wrote:
Set ajaxObject.setRequestHeader('User-Agent', 'SecretName'); in
JavaScript and check for it in PHP. Not fool-proof, but the average
person wouldn't be able to get in.
Unless the user does View Source and reads your AJAX code...
On Fri, 2007-05-11 at 22:12 -0700, [EMAIL PROTECTED] wrote:
I don't see you giving a solution.
The solution is the same as for any session in which you want to protect
data. It hardly needs covering yet again. Read the archives.
Cheers,
Rob.
On 5/11/07, Robert Cummings [EMAIL PROTECTED]
On Friday 11 May 2007 12:45, Robert Cummings wrote:
On Thu, 2007-05-10 at 21:23 -0700, Daevid Vincent wrote:
Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as
mentioned.
A Guru would have spent 60 seconds testing to see if the
session_start() scenario worked BEFORE posting
Robert Cummings wrote:
A Guru would have spent 60 seconds testing to see if the session_start()
scenario worked BEFORE posting to the list :B
/me was thinking the same
--
Regards,
Clive.
Real Time Travel Connections
{No electrons were harmed in the creation, transmission or reading of
I would also like to know how people are dealing with this: how do you make
sure people don't steal your data? Sometimes it can be something simple like
state names, but sometimes it can be your entire user/email database, who
knows?
And OF COURSE he is not passing a query on the url, a dumb
On Fri, 2007-05-11 at 09:01 -0300, Rangel Reale wrote:
I would also like to know how people are dealing with this: how do you make
sure people don't steal your data? Sometimes it can be something simple like
state names, but sometimes it can be your entire user/email database, who
knows?
On 5/10/07, Daevid Vincent [EMAIL PROTECTED] wrote:
I'm a PHP guru
Then this question shouldn't have been asked. :)
Set ajaxObject.setRequestHeader('User-Agent', 'SecretName'); in
JavaScript and check for it in PHP. Not fool-proof, but the average
person wouldn't be able to get in.
On 5/11/07, clive [EMAIL PROTECTED] wrote:
Robert Cummings wrote:
A Guru would have spent 60 seconds testing to see if the
On Fri, 2007-05-11 at 19:59 -0700, [EMAIL PROTECTED] wrote:
Set ajaxObject.setRequestHeader('User-Agent', 'SecretName'); in
JavaScript and check for it in PHP. Not fool-proof, but the average
person wouldn't be able to get in.
Bleh, do it right. Don't settle for half-assed solutions that rely on
I don't see you giving a solution.
On 5/11/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Fri, 2007-05-11 at 19:59 -0700, [EMAIL PROTECTED] wrote:
Set ajaxObject.setRequestHeader('User-Agent', 'SecretName'); in
JavaScript and check for it in PHP. Not fool-proof, but the average
person wouldn't
Like most sites, someone needs to join up to use mine.
I'm using a wee-bit-o-AJAX to pull some results from a database and display
them dynamically.
For the AJAX to work, it has to hit a script that's accessible from the htdocs
tree, right?
Effectively it's just a (JavaScript initiated) GET
That's a humongous, humongous security risk there.
What if someone goes http://example.com/gimmedata.php?query=DROP DATABASE hi?
Unless I misunderstood.
A better way would be in the script:
    switch ($_GET['query']) {
        case 'fetch': $dbquery = 'SELECT stuff FROM stuff'; break;
        case 'eatsnacks': // (the body of this case is cut off in the archive)
            break;
        default: // anything not on the list is refused
            exit('unknown query');
    }
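The whitelist-dispatch idea above, combined with the session check that the rest of the thread keeps pointing at, written out as an added example (not code from the thread; it assumes an open PDO handle in $pdo and that the login page already stored the user's id in $_SESSION['user_id']):

```php
<?php
// Added example, not from the thread. Assumptions: $pdo is an open PDO
// handle, and the login code already put the user's id in
// $_SESSION['user_id']. The script sits under htdocs like any other.

session_start();
header('Content-Type: application/json');

// 1. Authorization comes from the session, not from a header the page's
//    own JavaScript sets: anything the browser sends, a script can send too.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(['error' => 'login required']);
    exit;
}
$uid = (int) $_SESSION['user_id'];

// 2. The client names a query; it never supplies SQL. Each entry is a fixed
//    prepared statement plus the parameters it takes, so request input only
//    reaches the database as bound values.
$queries = [
    'fetch'  => ['sql'    => 'SELECT id, name FROM stuff WHERE owner_id = :uid',
                 'params' => [':uid' => $uid]],
    'states' => ['sql'    => 'SELECT code, name FROM states ORDER BY name',
                 'params' => []],
];

$name = isset($_GET['query']) ? (string) $_GET['query'] : '';
if (!isset($queries[$name])) {
    http_response_code(400);
    echo json_encode(['error' => 'unknown query']);
    exit;
}

// 3. Per-user scoping: 'fetch' only returns rows owned by the session's
//    user, so one logged-in user cannot read another user's rows by
//    guessing ids.
$stmt = $pdo->prepare($queries[$name]['sql']);
$stmt->execute($queries[$name]['params']);
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```

Checking a custom header only tells browsers from scripts apart and only until someone reads the page source; the session is what actually ties a request to a logged-in user.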
Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as mentioned. I
never said that I execute the code directly like
that. Perhaps my query keyname was a bit misleading. Would
http://example.com/gimmedata.php?id=3&foo=bar&map=on have been more
clear? I also am not so silly as to run
On Thu, 2007-05-10 at 21:23 -0700, Daevid Vincent wrote:
Thanks for the suggestion and concern. Fear not, I'm a PHP Guru as mentioned.
A Guru would have spent 60 seconds testing to see if the session_start()
scenario worked BEFORE posting to the list :B
Cheers,
Rob.