;admin" users.
Kirk
> -Original Message-
> From: Jason Wong [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 05, 2002 11:42 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Making sure a post request came from your site
>
>
> > Ok, then how do you go about
On Fri, 5 Apr 2002, Chris Boget wrote:
>> You can never assume that submitted data is benign or untampered.
>
> Ok, then how do you go about checking to make sure that submitted
> data is, in fact, benign and acceptable for your use?
I use two general principles:
1) Rather than trying to rule
On Saturday 06 April 2002 02:26, Chris Boget wrote:
> > You can never assume that submitted data is benign or untampered.
>
> Ok, then how do you go about checking to make sure that submitted
> data is, in fact, benign and acceptable for your use?
For starters:
If it's supposed to be a number ma
On Friday, April 5, 2002, at 01:15 PM, Miguel Cruz wrote:
>> For security, you can modify your code so that you check
>> the $_POST elements instead of using the magic globals.
>> That's all well and good.
>> However, someone copy and save your HTML to their local
>> machine, change some values
> > Is there any way to determine from where the post request came
> > from w/o using http_referer?
> No, nor with it.
I know that http_referer is unviable, that's why I asked if you can find
out that data w/o using it.
> Someone who wants to mess with you can supply any HTTP
> referer they wan
On Fri, 5 Apr 2002, Chris Boget wrote:
> For security, you can modify your code so that you check
> the $_POST elements instead of using the magic globals.
> That's all well and good.
> However, someone copy and save your HTML to their local
> machine, change some values, change the "Action" pag
6 matches
Mail list logo