| From: | Michael Fork <mfork(at)toledolink(dot)com> |
|---|---|
| To: | David Olbersen <dave(at)slickness(dot)org> |
| Cc: | Timothy_Maguire(at)hartehanks(dot)com, Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, pgsql-php(at)postgresql(dot)org |
| Subject: | Re: Re: Secure pages |
| Date: | 2001-03-13 19:50:17 |
| Message-ID: | Pine.BSI.4.21.0103131449260.377-100000@glass.toledolink.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-php |
not if the include file ends with a .php -- since it is in <? ?>, anybody
acessing the file from a web browser would not be able to see it.
Michael Fork - CCNA - MCP - A+
Network Support - Toledo Internet Access - Toledo Ohio
On Tue, 13 Mar 2001, David Olbersen wrote:
> On Tue, 13 Mar 2001, Michael Fork wrote:
>
> ->The easiest way in PHP that I have found is to create a file called
> ->validate.php containing the following:
> ->
> -><?
> -> if ($HTTP_COOKIE_VARS["MyCookie"] != 'Some Value') {
> -> header("Location: http://my.company.com/login");
> -> }
> ->?>
> ->
> ->and, after the user has logged in, set a cookie. Then, for each page that
> ->should be for a logged-in user only, just include the validate.php file.
>
> Boy that's not very secure...I could find your included file, see what 'Some
> Value' is, and then just make my own cookie!
>
> -- Dave
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Olbersen | 2001-03-13 19:50:45 | Re: Re: Secure pages |
| Previous Message | David Olbersen | 2001-03-13 19:24:03 | Re: Re: Secure pages |