RE: [Phplib-users] auth url question
From: Rob H. <rob...@ws...> - 2002-10-31 14:21:39
The more I think about this, the less I agree, because I think that auth logic was/is flawed. But attached is a version that I think will drop in.

IMHO, auth should have a definite structure. It should not be something where this and that gets tried until something happens to work. And in the case of registration, you could type an existing user name and password and get in. And that is not acceptable on a site that deals with credit cards, or business presentation, or a lot of things. I don't agree with the way that registration is implemented in PHPSlash because it could be used on a business site and someone could fairly easily do something to defame the business by finding a loophole in the auth logic.

Thanks,
Rob Hutton
Web Safe
www.wsafe.com

> -----Original Message-----
> From: Giancarlo Pinerolo [mailto:gia...@na...]
> Sent: Wednesday, October 30, 2002 1:59 PM
> To: rob...@ws...
> Subject: Re: [Phplib-users] auth url question
>
>
> Rob Hutton wrote:
> >
> > It is partially fixed in session.inc, but not in session4.inc which I am
> > using.
>
> session.inc (session3), always used HTTP_SERVER_VARS[QUERY_STRING].
> I am sure session4 in snapshot has been fixed too quite some time ago.
> The one I've downloaded just now has (20021022.dev).
>
> I think the snapshot is a delicate balance of compromises that
> actually works on phplib native sessions too (session3) and can be
> used as a drop-in replacement that will work in most existing sites,
> except (probably, but may be not true) on PHP3 sites. And (if we want
> to) to accomplish this goal we have to provide for those sites that
> used to implement login_if() in their pages.
>
> Gian