On 08.10.2007, at 16:06, Kiril Angov wrote:

>
> Ian P. Christian wrote:
>> Kiril Angov wrote:
>>
>>
>>> if ($_SERVER['HTTP_HOST'] == 'www.staging.com')
>>>
>>
>> This header can be faked.
>>
>>
>>
> $_SERVER['SERVER_NAME']?

lsmith: btw: will we ever split the hackable items from $_SERVER?
chinstrap: no
lsmith: i think it's very bad for security that things are mixed together
chinstrap: just treat everything as unsafe
lsmith: sure .. but it's a needless burden
chinstrap: For PHP this stuff comes from the server, PHP doesn't know where the server got that stuff from
lsmith: hmm
lsmith: true
lsmith: bummer

BTW: chinstrap is the RM for PHP 5.3

regards,
Lukas
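
The "treat everything as unsafe" advice applied to the staging check quoted at the top, as an added example that is not part of the original message or of symfony's code. The function names, the `APP_ENV` variable and the host names are assumptions made for illustration: the environment is taken from deployment configuration rather than from the request, and the Host header is only accepted when it exactly matches an allowlist.

```php
<?php
// Added example, not from the thread. APP_ENV, the function names and
// the host names below are hypothetical.

/**
 * Normalise the Host header and return it only if it is on the allowlist.
 * Returns null for anything missing, malformed or unknown.
 */
function trusted_host(array $server, array $allowedHosts): ?string
{
    $raw = $server['HTTP_HOST'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return null;
    }
    // Lower-case, then drop an optional :port suffix.
    $host = preg_replace('/:\d+$/', '', strtolower($raw));
    // Exact comparison against known names; no substring or pattern matching.
    return in_array($host, $allowedHosts, true) ? $host : null;
}

/**
 * Pick the environment from deployment configuration, never from the request.
 * Missing or unknown values fall back to the most restrictive setting.
 */
function detect_environment(array $env): string
{
    $value = $env['APP_ENV'] ?? 'production';
    return in_array($value, ['production', 'staging', 'development'], true)
        ? $value
        : 'production';
}

// Constructed sample input: a request whose Host header claims to be staging,
// sent to a deployment that is configured as production.
$server  = ['HTTP_HOST' => 'www.staging.com:80'];
$env     = ['APP_ENV' => 'production'];   // set by the deployment, not the client
$allowed = ['www.example.com'];           // hosts this virtual host really serves

$host = trusted_host($server, $allowed);
printf("host accepted: %s\n", $host === null ? 'no' : $host);
printf("environment:   %s\n", detect_environment($env));
```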
