Tom-> session hijacking (3)
From: Ryan A (ryan_at_coinpass.com)
Date: 10/20/03
- Next message: Chris Shiflett: "Re: [PHP] What Is Scalability?"
- Previous message: Chris Shiflett: "Re: [PHP] Shiflett->Re: [PHP] session hijacking"
- In reply to: Tom Rogers: "Re[2]: Tom->Re: [PHP] session hijacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: "Tom Rogers" <trogers@kwikin.com>
Date: Mon, 20 Oct 2003 03:28:55 +0200
Hey Tom,
thanks again for replying.
> That depends on what your dicky friend is doing to screw your code up.
Dicky... nice name you picked, pretty close to what I picked for him, but John
Holmes picked something similar for himself so watch out or he could be mad
at ya :-D
I don't want to break the nice name you picked for this guy so from now on
will refer to him as "prick". ;-))
> If you are passing ids in the url or in post data then encode them. If he
> is inventing url
> variables that happen to match ones you are using then setting them at the
> start will be enough
Nope, in the url, $_post and hidden fields are the things that he has an
option of legally changing... I checked those scripts thoroughly... it's only
the sessions where there's a problem.
I'll make the "top changes" for now and after I read up on classes and am
sure of what I am doing will add that class you gave me, because if I get
strange results I really won't know where they are coming from and could
disrupt normal client activity.
Thanks again Tom for taking the time and being such a big help.
Cheers,
-Ryan