Re: PHP Passing Variables Between Pages and Security



"Skeets" <skillet3232@xxxxxxxxx> wrote in message
news:1139509124.096351.108150@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
i'm passing session and hidden variables between pages. not to mention
post values.

i'm a little concerned that someone with sufficient knowledge could
spoof these values and manipulate the program.

is this a valid concern? i'm thinking i can check the submitting page
setting up something around the following code...

$base_name = basename($_SERVER['PHP_SELF']);

is this a good bet? is there a better way?

tia...

ps - posted this on php.general and, after 2 days w/o a response,
realized that probably wasn't the best place to post it.


this is a very interesting thread and i'm learning a lot (of course some of
it is over my head)... i'd like to clarify something, what exactly are we
defending against?

in other words, i understand the concept of someone spoofing to hack my
application... but what does this mean if my application is a basic content
manager for a website? what are the true repercussions and possible
worst-case scenarios that can take place?

- kevin
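
An added example, not part of either post above: basename($_SERVER['PHP_SELF']) names the script that is currently running, not the page that submitted the request, so it cannot show where a POST came from. One way to detect a changed hidden field is to have the server sign the values it emits and check the signature when they come back. SECRET_KEY, the field names and the session id below are constructed for illustration.

```php
<?php
// Added example: tamper-evident hidden form fields using an HMAC.
// SECRET_KEY is a constructed placeholder; a real key lives only on the server.
const SECRET_KEY = 'constructed-demo-key';

// Compute a MAC over the hidden fields, bound to the current session id so a
// signed form copied from one session is not accepted in another.
function sign_fields(array $fields, string $sessionId): string
{
    ksort($fields); // canonical order, so signing and verifying agree
    return hash_hmac('sha256', $sessionId . '|' . http_build_query($fields), SECRET_KEY);
}

// Return the trusted fields, or null if any field is missing or was altered.
function verify_fields(array $post, array $names, string $sessionId): ?array
{
    $fields = [];
    foreach ($names as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            return null; // missing field or array injection such as name[]=x
        }
        $fields[$name] = $post[$name];
    }
    $mac = $post['mac'] ?? '';
    // hash_equals compares in constant time
    if (!is_string($mac) || !hash_equals(sign_fields($fields, $sessionId), $mac)) {
        return null;
    }
    return $fields;
}

// Constructed demonstration data standing in for session_id() and $_POST.
$sessionId = 'sess-constructed-1234';
$hidden    = ['article_id' => '42', 'step' => '2'];
$names     = array_keys($hidden);

// What the server writes into the form: the hidden fields plus their MAC.
$form = $hidden + ['mac' => sign_fields($hidden, $sessionId)];

// Case 1: the form comes back unmodified.
var_dump(verify_fields($form, $names, $sessionId) !== null);

// Case 2: the client edited a hidden value before submitting.
$tampered = ['article_id' => '7'] + $form;
var_dump(verify_fields($tampered, $names, $sessionId) !== null);

// Case 3: the same signed form is submitted under a different session.
var_dump(verify_fields($form, $names, 'sess-constructed-9999') !== null);
```

The signature only shows that the values are the ones the server issued; whether the logged-in user may act on that article_id still has to be checked on the server.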

