Skip site navigation (1) Skip section navigation (2)

Re: Re: Secure pages

From: Michael Fork <mfork(at)toledolink(dot)com>
To: David Olbersen <dave(at)slickness(dot)org>
Cc: Timothy_Maguire(at)hartehanks(dot)com, Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, pgsql-php(at)postgresql(dot)org
Subject: Re: Re: Secure pages
Date: 2001-03-13 19:50:17
Message-ID: Pine.BSI.4.21.0103131449260.377-100000@glass.toledolink.com (view raw or flat)
Thread:
Lists: pgsql-php
not if the include file ends with a .php -- since it is in <? ?>, anybody
acessing the file from a web browser would not be able to see it.

Michael Fork - CCNA - MCP - A+
Network Support - Toledo Internet Access - Toledo Ohio

On Tue, 13 Mar 2001, David Olbersen wrote:

> On Tue, 13 Mar 2001, Michael Fork wrote:
> 
> ->The easiest way in PHP that I have found is to create a file called
> ->validate.php containing the following:
> ->
> -><?
> ->  if ($HTTP_COOKIE_VARS["MyCookie"] != 'Some Value') {
> ->    header("Location: http://my.company.com/login");
> ->  }
> ->?>
> ->
> ->and, after the user has logged in, set a cookie.  Then, for each page that
> ->should be for a logged-in user only, just include the validate.php file.
> 
> Boy that's not very secure...I could find your included file, see what 'Some
> Value' is, and then just make my own cookie!
> 
> -- Dave
> 
> 


In response to

Responses

pgsql-php by date

Next:From: David OlbersenDate: 2001-03-13 19:50:45
Subject: Re: Re: Secure pages
Previous:From: David OlbersenDate: 2001-03-13 19:24:03
Subject: Re: Re: Secure pages

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group