[nycphp-talk] NEW PHundamentals Question
Jeff Siegel
jsiegel1 at optonline.net
Mon Feb 9 22:29:11 EST 2004
Any reason to choose one over the other?
Jeff
jon baer wrote:
> the last method was session hashing for the page to create a unique entry
> token and then hiding it ...
>
> <input type="hidden" name="priv_key" value="32-bit/md5">
>
> if the sessions + keys didnt match you would know they came from somewhere
> else. i think the real key is just to have something unique in your POST as
> to distinguish it from something else. this method is actually pretty
> similar to using the graphic except the server does the work. one time keys
> work for pretty much anything.
>
> im guessing cookie dropping can work as well since the would have to come
> from @ least one entry page on your website before spotting the
> registration. would be interested in what the php security cookbook has to
> say about this :-)
>
> - jon
>
> ----- Original Message -----
> From: "Jeff Siegel" <jsiegel1 at optonline.net>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Monday, February 09, 2004 9:58 PM
> Subject: Re: [nycphp-talk] NEW PHundamentals Question
>
>
>
>>That's one method that's growing in popularity.
>>Prior to using this method, was there another method that you've used?
>>
>>Jeff
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"
More information about the talk
mailing list