<[EMAIL PROTECTED]>
Sent: Sunday, November 25, 2001 7:32 PM
Subject: Re: [PHP-DOC] Re: PHP: Cool PHP Tips
> > > 1. always use ".php" (or
> > > ".php3" for earlier versions) file name extensions for
> > > include files, otherwise, c
>> Simple, but unsafe. $HTTP_REFERER is not suited for security
>> related purposes
>I thought about adding this note. It is not secure,
>but it adds to the security level of your scripts.
Well, but on the other hand you exclude users from using your
script/application, because proxies (e.g. We
> > > 1. always use ".php" (or
> > > ".php3" for earlier versions) file name extensions for
> > > include files, otherwise, crackers can view your
> > > code.
>
> It should be written in another way. We should warn about that
> danger and inform about a few methods of solving that problem. Way
> other
On Sun, 25 Nov 2001, Hojtsy Gabor wrote:
> > 1. always use ".php" (or
> > ".php3" for earlier versions) file name extensions for
> > include files, otherwise, crackers can view your
> > code.
It should be written in another way. We should warn about that
danger and inform about a few methods of solvi
> >[Using HTTP_REFERER for security purposes]
> >
> >Simple, effective, and safe.
>
> Simple, but unsafe. $HTTP_REFERER is not suited for security
> related purposes, because
>
> - it's optional, you cannot rely on its presence
> - it's easy to manipulate
I thought about adding this note. It i
>[Using HTTP_REFERER for security purposes]
>
>Simple, effective, and safe.
Simple, but unsafe. $HTTP_REFERER is not suited for security
related purposes, because
- it's optional, you cannot rely on its presence
- it's easy to manipulate
--
Johannes
Forwarding these tips to phpdoc. Can somebody please
add this to the security documentation?
Vip, thanks for the tips...
Goba
- Original Message -
From: "Vip Malixi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 23, 2001 11:22 PM
Subject: Re: PHP: Cool PHP Tips
>