On Tuesday 16 May 2006 07:45, Richard Lynch wrote:
> On Mon, May 15, 2006 1:58 am, Jason Wong wrote:
> > 2) the uploaded file is a "script" (perl/php/python/etc)
> >
> > In the case of (2), if the script relies on its shebang line to
> > execute
>
> No
ear Chris Shiflett's views on this.
[1] as opposed to attacks on a user's browser when later on that file is
accessed or downloaded
[2] this includes (pun intended) include()'s siblings - require() etc.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Sou
bearch!
>
> Good ole John. I miss him. And Jason Wong. Where have all the good
> times gone?
I don't know about John (Holmes), but I retired after winning one of these
lotteries ;-)
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software System
e successfully run FUDforum
using Apache2/PHP4/MySQL on my Zaurus. Ruby on Rails works as well albeit
a tad slow -- I need to figure out how to get fastcgi working. And unlike
WM devices, you can run *real* browsers, Firefox and Mozilla are
available.
--
Jason Wong -> Gremlins Associates
On Saturday 30 July 2005 10:17, leonski wrote:
> Jason Wong wrote:
> > On Saturday 30 July 2005 08:49, leonski wrote:
> >> sh: line 1: /usr/local/bin/mogrify /tmp/phpS1KCen -resize 320x240!
> >> : No such file or directory sh: line 1: /usr/local/bin/mogrify
> >>
, if it doesn't exist!
I think the error message is trying to tell you that
"/usr/local/bin/mogrify" does not exist.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Inte
inese would enter their name (usually 3 words, sometimes 2. rarely
4) WITHOUT any spaces.
Not sure what the OP was trying to do, but the best way to handle it
(IMHO) is to give the user 2 input boxes, one for family name, the other
for the rest of their name.
--
Jason Wong -> Gremlins As
e that
are different and will be transferred).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives befo
ou're looking at the correct php.ini
2) the setting is not being changed elsewhere
If the warning annoys you just tone down the error reporting level.
> Is there another one I should be looking at? :(
Not that I'm aware of.
--
Jason Wong -> Gremlins Associates -> www.gremlins.
ou can easily check this by entering the URL of the include
file into a browser and then "view source", what you see is what will be
included by a "foreign host".
What you should be more concerned about if you're on a shared host is that
there is a good possibili
> Without reverting back to 4.3.11, is there a way I can temporarily fix
> this while working on the application issues themselves? :(
Change the relevant setting in php.ini.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design &
amp; id 3.
You may also want to consider using preg_quote() instead of str_replace().
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
-
> class to cache Adodb recordsets in memcached?.
No idea.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search
it deserves?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaim
27;m sure you would be more worried about the billennium bug :)
> If you are dealing in 2 billion object PostgreSQL databases, and you
> don't know all this already, you're in DEEP trouble...
I think I'll be quite safe as I'm using sequences ;-)
--
Jason Wong -> Greml
D that you
want. Can't remember whether this was a php-postgresql thing or simply a
postgresql thing. But whatever it is, you don't need OIDs to use
sequences.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * I
suggest that you start off with a 'smaller' project and explore
all the ways where postgresql does things differently to and/or better
than mysql, then work your way up to a more complex project. This would
be much better than doing a hasty migration to postgresql - which does
not make t
ot "hacked up" as you put it).
What's to stop a bad guy using a "real" browser talking to your server
and getting some information and doing something bad with that
information? What are you trying to prevent?
--
Jason Wong -> Gremlins Associates -> www.g
o be certain that you won't hit the limit configure your webserver so
that the maximum number of instances (or requests it can handle) is less
than the max connections settings of mysql.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
27;;
>exit;
> }
The file pointed to by $newfile doesn't exist. You need to move ...
> $local_file = $_FILES['userfile']['tmp_name'];
... $localfile
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integra
nothing else)
>
> That and error_reporting( E_ALL );
and
ini_set('display_errors', TRUE);
So they don't have to figure out where the error log is (yet).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design &a
ssed the e-mail where I said
> How far did you read? http://us3.php.net/manual/en/ref.zlib.php
zlib does gzip (.gz) and is not the same as [pkware] zip which I believe
is what the OP wants.
OP, put your google googles on and look, there is (or was?) at least one
solution which involved a zip handling
ely broken? In short, you're trying to display
an image, so get rid of all the HTML stuff.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
.
To remove an item:
1) unset($basket[n]); // where n is an integer
2) unset($basket['product_id']; // if product_id is an integer
// then you don't need the single-quotes
// note that also applies when fir
d, in newer
versions this is the default.
Summary: you have to compile PHP with --enable-trans-sid, AND enable it in
php.ini.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet
On Tuesday 17 May 2005 18:00, Merlin wrote:
> I am trying to find a way to count the number of times (if any) words
> are inside a string.
explode()
array_count_values()
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Desi
ne better!
[1] Yet Another PHP Framework
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you
). And after that, start off with a web-based PHP RAD tool. (which
> I plan to do with either document.designMode or XUL)
You might want to take a look at Prado http://www.xisc.com/ it seems to be
exactly what you're trying to do and I believe it also has a RAD plugin
for Dreamweaver.
-
Set that to 1. Sessions *are* cookies, they're cookies that have been set
to expire when the browsing session finishes (ie when the browser is
closed).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Intern
g(E_ALL);
ini_set('display_errors', TRUE);
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
s of examples and
suggestions. Also check the archives for Richard Lynch's posts where he
rants (quite rightly) about IE's poor handling of forcing a download to
be saved to file and ways to circumvent it.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source So
age/jpg");
Header('Content-Disposition: attachment;
file="tigershippingdashboard20050429.jpg"');
echo $ret;
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applica
On Friday 13 May 2005 02:54, Chris Bruce wrote:
> $ret = curl_setopt($ch, CURLOPT_HEADER, 0);
Try enabling the above or ...
> Does anyone know how I can take the binary result and force it to
> download as a JPG image?
... send an appropriate header before dumping the binary data.
On Thursday 12 May 2005 09:57, Richard Lynch wrote:
> On Wed, May 11, 2005 5:23 pm, Jason Wong said:
> > But now that mysql_real_escape_string() is available that is what you
> > ought to use.
>
> But are they REALLY different.
mysql_real_escape_string() is most cer
_escape_string )...
Postgresql uses a single-quote to escape a single-quote. MySQL uses a
backslash. Hence running addslashes() on a string destined for MySQL is
usually OK whilst doing so for Postgresql is not.
But now that mysql_real_escape_string() is available that is what you
ought to use.
new session is
> > created).
>
> That's because IE stupidly creates a whole new program/process on each.
That behaviour is (or maybe was, don't have IE around to test) user
configurable.
So if the OP is relying on that "feature" then their website is bound to
br
;looping" and unsetting the
> elements ??
array_slice(), array_splice()
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
le just in the
> start I have this:
>
> ini_set("upload_tmp_dir","C:\\PHP5\\tmp\\");
You can't do that. That has to be set in php.ini.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integra
files AND directories (and in fact the examples shows
that). is_readable() and is_writeable() also works on files/dirs.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet A
does it
> match the slash "/" ???
preg_replace('|\[\s*/\s*quote\s*]|', '[/quote]', $word);
You might want to spice it up with some ungreedy modifiers.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web De
was /var/www/html. What is it now..? Cheers.
Look in "/usr/local/apache2/conf/httpd.conf" for "DocumentRoot".
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting
On Tuesday 12 April 2005 02:28, Ben Ramsey wrote:
> In general, permission settings under Windows suck.
Hmm I thought that the ACLs on NTFS were about the only thing that is good
about Windows.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems In
word from the URL. The username can be in plaintext (or
if circumstances dictate and/or you're paranoid can be *encrypted*). The
password is hashed (md5/sha, whatever) WITH a secret key. You can then
verify whether username/password is correct and return an appropriate
response.
--
Jason Wong
On Monday 11 April 2005 12:11, Theisen, Gary wrote:
> if ($excel !=== FALSE) { //This is the error line?!?! I even tried
> "FALSE".
if ($excel !== FALSE) { ... }
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
lit() instead:
list($fname, $lname) = preg_split('/\s+/', $_POST['username']);
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
---
password -- are you
going to tell them how to decrypt in the case that they have forgotten
the password?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
ok like and what the PHP module is. This is
done in steps 14 & 15.
4-2 (static) means that PHP will be compiled into the Apache executable
however you still need to tell it what PHP files look like (step 15).
--
Jason Wong -> Gremlins Associates -
u help me here. Cheers.
You seem to have missed out some important steps ie editing httpd.conf so
that it knows about PHP. RTFM for details.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web
ord and some bad person got hold of it then there
is no reasonable way for your website to distinguish the bad person using
the password to gain access from the legitimate user.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source S
how to test? How to tell it?
Go through the installation instructions in the [PHP] manual >
Installation on Unix systems > Apache 2.0 on Unix systems. In particular
verify steps 14 and 15.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems
s/calendario/calendarix/cal_header.inc.php on
> line 19
> * the /tmp directory is owned by root
> * the /tmp/sess directory is owned by the apache user and has 777
> permissions * the directory in php.ini to store sessions is : /tmp/sess
> * there's not a php user
what is the out
On Thursday 07 April 2005 20:21, Jeff McKeon wrote:
> Now that I look at it, does anyone think this would work...
>
> file_get_contents("php//stdin/");
That should be:
'php://stdin'
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source
t of people having problems with
having SELinux enabled and were resolved when it was disabled.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
-
display_errors', TRUE);
if (!$fp = fopen("/dev/ttyS0", 'w+b')) {
echo "\nError! Could not open COMport - Got a terminal open?\n";
exit;
} else {
$i = 0;
while ((false !== ($char = fgetc($fp))) AND $i < 10) {
$i
-jpeg-dir=/usr/local
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://
ke
>
> You must specify the real prefix where PHP is installed in the "export"
> command. It may be "/usr" "/usr/local", or something else.
In your case you have to set PHP_PREFIX to '/usr/local', and before you
can proceed you must make sure you have
wser prefs are for
preventing these 3rd party websites from setting these 3rd party cookies.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
et('display_errors', 0); // ??
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you po
ated POST. Your order
of execution should be something like:
start session
assign values to session
close session
do the simulated POST
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet &
However, the functions php provides only allow up to the unix
> epoch.
manual > Calendar Functions
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
short tags is an optional
setting on the webserver and hence may not be enabled in which case your
code *will* be displayed as-is.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intra
ur file most likely
does not have a trailing NL character that is why it is the only line
that works.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
-
tp://evilserver.example.com";)));
> ?>
>
> So, like, what's the point to turning off only remote include and
> keeping remote file?
I believe you're missing the point of the patch. It is to prevent people
from injecting malicious remote locations in $somewhere:
i
k that the OP wouldn't go to the trouble of creating a
patch (for the latest release of PHP no less) for functionality that
already exists! IIRC a request for something similar was made on the list
some time ago.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Sourc
second time round you're using the hash for
password1 to check against username2, etc.
[snip]
> username2, password2, e38ad214943daad1d64c102faec29de4afe9da3d
> (Second try)
Notice that the hash looks suspiciously like 'password1'.
--
Jason Wong -> Gremlins Ass
in
> /xxx/xxx/xxx/TMPz06yoces6o.php on line 2."
Switch to using a decent syntax highlighting editor and these types of
errors will be immediately obvious.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting *
of the passwords are exactly the same. I'm not sure why this is
> happening.
I strongly suspect you're hashing an empty string.
echo "password [$password]";
$pass=bin2hex(mhash(MHASH_SHA1, $password));
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
e person" then it
doesn't really matter -- just have apache be the owner and the group.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development
n't find it (even by searching this list). Feel free to
> redirect me to existing documentation that I woule have missed, if
> needed.
http://marc.theaimsgroup.com/?l=php-general&m=105793487024873&w=2
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source
On Thursday 10 February 2005 23:36, Ben Edwards (lists) wrote:
> The cleaning works but magic_quotes_runtime is false even if magic
> codes are on, any ideas?
There are at least two magic_quotes_* settings, make sure you are
referring to the correct one(s).
--
Jason Wong ->
i)
isn't going to harm your system in anyway. You're not going to find many
books or articles that will tell you how to write a complete procmail
parser, that's why they're hard to find, and ditto for whatever else you
want your sudo to be doing.
--
Jason Wong -> Greml
ml;
>
> The condense of the variable gets outputted.
>
> I could post the method here but its a bit long.
You only need to post concise code that illustrates your problem, a one
liner to return a value is all the that your method needs.
--
Jason Wong -> Gremlins Associates -> www.
t;
> Something went wrong with this test.
>
> You SHOULD have been able to read/write that file in PHP, assuming
> 'apache' is the user PHP runs as. Use http://php.net/phpinfo to
> confirm that it really *IS* 'apache' user that's running apache/php.
I
s
> ever saved other than a temporary file that vanishes as soon as the
> file has completed uploading.
[HTTP upload code snipped]
It seems that you're confused as to what FTP is and what HTTP is. Perhaps
if you explained what you are trying to do then someone might be able to
point you i
#x27;); // 129384
Now
> After a hardware failure, I reinstalled my linux with the same
> settings...
> now, a timestap of 01/01/2011 is returned as: 1293832800
> What am I doing wrong?
Suggests that your server is now set to a timezone that is UTC+0200
--
Jason Wong -> Gremlin
PHP has no access to, using PHP?"
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list
ath
> in one location, and 'append' the local path in the vhosts directive.
One method (not sure whether it's the best or most efficient) is to use an
auto_prepend_file to set the local component(s) of the path.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
tures. However if it's to
inform people that you've received their mail, or read their mail, or (gasp)
deleted their mail without reading it (because you've already read in the
preview pane) then that is totally dumb (with a capital D (& U & M & B & A
&
time. So increasing this
> time wouldn't help me.
Checkout ignore_user_abort().
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
-
ll* domains in $d (dom1.com,dom2.net)
> which appear in $doms,
>
> then extract all the other info
> (mq.user,mq.sender etc).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design &
L F
>
> All four bytes are non-zero!
What you need is something like:
printf ("%02x %02x %02x %02x", ord($cont{0}), ord($cont{1}), ord($cont{2}),
ord($cont{3}));
Also check out unpack().
--
Jason Wong -> Gremlins Associates
web pages, that's why ASP, Perl, and Cold Fusion are listed.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
d " marks.
Then string replace those characters. Or am I missing something terribly
obvious?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
On Thursday 03 February 2005 02:18, John Nichel wrote:
> Argghhhreturn receipts
Use a *real* mail client -- one that ignores those stupid things.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design
uot;);
>
> I get the "3" before the "2", how is that posible?
>
> And:
>
> print(supscript("3")."2");
>
> makes the 2 appear before the 3.
> I am confused!
You're trying to use the function supscript() as though it returne
the list to regularly use
funny quoting instead of standard quoting it might suffice to just ask him to
turn over a new leaf :)
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet &am
o perform this
step.
Then the next thing is you usually need a password to access the remote host,
as it's usually pretty difficult to enter a password if you want to run this
script non-interactively so you make use of keys:
google > using ssh without password
--
Jason Wong
ho $a;
> }
If you do:
foreach($arr as $b)
{
echo $b;
}
then it will work as you expect it.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Developmen
wbie at this Unix server and file
> permission thing. I was really hoping that there was some parameter I
> could set to have the uploaded file set to full access permissions,
Have a look at umask() and chmod().
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open So
You have started a new thread by taking an existing posting and replying to
it while you changed the subject.
That is bad, because it breaks threading. Whenever you reply to a message,
your mail client generates a "References:" header that tells all recipients
which posting(s) your posting refers
correct and the saved images are viewable
*then* I output them directly.
> Note that there is no problem with the code from phpfreaks. It seems to
> run for everyone else on their computers.
In that case you're doing something different to everyone else, find out what
that d
nfo().
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.c
automatically take care of the separation of the
mail headers and the mail body.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
ition of 'again'.
>
> I just noticed that they crossposted rather than post twice.
Add thread hijacking to the list of transgressions as well!
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
*
= "From: $emailfrom\n";
>
> $mailsent = mail($emailto, $subject, $msg, $headers,"-f" . $emailfrom);
1) Use the proper delimiters between headers -- "\r\n"
2) Check your mailserver logs
--
Jason Wong -> Gremlins
assuming that the function definition has defined $y & $x
to be passed by reference.
> Any help would be appreciated.
I suggest you start by giving some dimensions to your window and possibly some
borders as well.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source
url(), very useful, the description for that function shows a
link to parse_str(), bingo, you got all you need. Of course you still have to
examine the extracted data to determine which search engine it came from and
proceed accordingly.
--
Jason Wong -> Gremlins Associates -> www.gre
xperience when possible.
As do I if the poster appears to have done some homework and just needs
clarification or a kick^H^H^H^H nudge in the right direction.
> > than to shove them off on
> > a 'newbie' list and forget about them(!).
>
> Well, like I said.. I'd partic
On Wednesday 26 January 2005 07:27, Greg Donald wrote:
> On Wed, 26 Jan 2005 06:54:32 +0800, Jason Wong <[EMAIL PROTECTED]>
wrote:
> > Anyway who decides what is a newbie question? I don't think a newbie
> > would be in a position to ascertain whether their questio
pretty simple you have to keep in mind it's not
> very secure. Since cookies reside on the clients machine, the client
> could manipulate the cookie and pretend to be logged in.
The above will prevent this. However it does not prevent session hijacking --
google for more info.
--
Jaso
1 - 100 of 3302 matches
Mail list logo
