[PHP] secure alternative to HTTP_REFERER

2007-04-24 Thread AraDaen
I'm looking for info about a secure alternative to the use of
$_SERVER['HTTP_REFERER'] to check in a script where the $_POST vars
are arriving from.

Any suggestions?

Thanks a lot.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] secure alternative to HTTP_REFERER

2007-04-24 Thread AraDaen
Thanks guys, now I know what I must do :)



Chris Shiflett wrote:
> Stut wrote:
>   
>> You could put a hash value into a hidden field on the form, and
>> also store it in the session. When the form is submitted only
>> accept it if the hashes match.
>>
>> However, this is very easy to get around, so I suggest you
>> consider why you think you need this level of checking. Assuming
>> you're properly validating and escaping all input coming from
>> outside the app, IMHO this type of "security" should not be needed.
>> 
>
> It can be useful when you want to verify intent, which is an important
> consideration these days:
>
> http://shiflett.org/articles/cross-site-request-forgeries
>
> (I have an update that I need to publish, but this should be enough to
> explain the potential problems this technique can help prevent.)
>
> Chris
>
>   


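Stut's suggestion above (a value in a hidden form field that is also stored in the session, accepted only when the two match), sketched as an added example that is not part of the original thread. The function names and the `csrf_token` field name are assumptions, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the thread. Function names are hypothetical.
session_start();

// Return the per-session token, creating it on first use from a CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every state-changing form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only when the submitted value matches the copy held in the session.
function csrf_check(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // Reject missing, empty or non-string values (e.g. csrf_token[]=x arrays).
    if (!is_string($given) || $expected === '' || $given === '') {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals($expected, $given);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid form token.');
    }
    // Token matched: validate and handle the rest of $_POST here.
    exit('Form accepted.');
}
?>
<form method="post" action="">
    <?= csrf_field() ?>
    <input type="text" name="comment">
    <input type="submit" value="Send">
</form>
```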


[PHP] Just say "hello"

2006-09-15 Thread AraDaen

Hi from Spain. This is my first post and I'm sure it won't be the last :)



AraDaen




RE: [PHP] PHP jump to other page

2006-10-04 Thread AraDaen
If you have not sent any character till that moment, you can use:

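if ($statement == true) {
    // stay on this page, index.php
} else {
    // header() only works if no output has been sent yet
    header("Location: index2.php");
    exit; // stop the script so nothing else runs after the redirect
}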




cya
