[PHP] Making sure a post request came from your site

2002-04-05 Thread Chris Boget
For security, you can modify your code so that you check the $_POST elements instead of using the magic globals. That's all well and good. However, someone can copy and save your HTML to their local machine, change some values, change the Action page of the form to be

Re: [PHP] Making sure a post request came from your site

2002-04-05 Thread Miguel Cruz
On Fri, 5 Apr 2002, Chris Boget wrote:
> For security, you can modify your code so that you check the $_POST elements instead of using the magic globals. That's all well and good. However, someone can copy and save your HTML to their local machine, change some values, change the Action page of

Re: [PHP] Making sure a post request came from your site

2002-04-05 Thread Chris Boget
> > Is there any way to determine from where the post request came from w/o using http_referer?
> No, nor with it.
I know that http_referer is unviable, that's why I asked if you can find out that data w/o using it.
> Someone who wants to mess with you can supply any HTTP referer they want to

Re: [PHP] Making sure a post request came from your site

2002-04-05 Thread Erik Price
On Friday, April 5, 2002, at 01:15 PM, Miguel Cruz wrote:
> > For security, you can modify your code so that you check the $_POST elements instead of using the magic globals. That's all well and good. However, someone can copy and save your HTML to their local machine, change some values, change

Re: [PHP] Making sure a post request came from your site

2002-04-05 Thread Jason Wong
On Saturday 06 April 2002 02:26, Chris Boget wrote:
> > You can never assume that submitted data is benign or untampered.
> Ok, then how do you go about checking to make sure that submitted data is, in fact, benign and acceptable for your use?
For starters: If it's supposed to be a number make

Re: [PHP] Making sure a post request came from your site

2002-04-05 Thread Miguel Cruz
On Fri, 5 Apr 2002, Chris Boget wrote:
> > You can never assume that submitted data is benign or untampered.
> Ok, then how do you go about checking to make sure that submitted data is, in fact, benign and acceptable for your use?
I use two general principles: 1) Rather than trying to rule out

RE: [PHP] Making sure a post request came from your site

2002-04-05 Thread Johnson, Kirk
-Original Message-
From: Jason Wong [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 05, 2002 11:42 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Making sure a post request came from your site
Ok, then how do you go about checking to make sure that submitted data is, in fact, benign