RE: [Phplib-users] store the IP in the session
From: Rob H. <rob...@ws...> - 2002-12-06 13:30:37
> We are speaking about two different shifts then. I am speaking about
> shifts along the way, not initial fallback. Once a certain mode is
> started, the default or the fallback, LATER do not allow mode shifts. As
> if saying: "hey guy, I told you must have cookies, you HAD cookies, why
> now are you using anything else, if not because I let you do so? How can
> you pretend to be the same guy as before, and now you show me a
> photocopied ticket, while a moment ago I saw you had the original in your
> hand? We are the cinema tenders, you know... and we've prevented false
> tickets at the entry, now we should prevent swapping & reentering
> inside... If it makes any sense.
> G
>

OK, but if they are smart enough to sniff a cookie off of the wire, then they are smart enough to set one. That's what we are trying to prevent, correct? The movement from cookie to GET?

This is a policy decision of the site admin. If they want to not have mode changes, then use cookie only. If you want to have gets, then use get only.

    if (!session_start("cookie") || session_start("get"))

solves the problem. Having a structured approach with usable features is much more important than trying to prevent the coder from doing something stupid. If they do, then it is their fault.

Rob Hutton
Web Safe
www.wsafe.com
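
The mode pin debated in this thread, sketched as an added example that is not part of the original message and is not PHPLIB code. It is plain PHP; the names `SID_NAME`, `presented_sid` and `resume_or_start` and the in-memory `$store` are hypothetical, and the requests at the end are constructed.

```php
<?php
// Added example: plain PHP, not PHPLIB. All names here are hypothetical.
const SID_NAME = 'sid';

// Return [mode, id] for the session ID a request presents, or null.
// The cookie is checked first; GET is consulted only when no cookie is sent.
function presented_sid(array $cookies, array $query): ?array {
    foreach (['cookie' => $cookies, 'get' => $query] as $mode => $src) {
        if (isset($src[SID_NAME]) && is_string($src[SID_NAME])) {
            return [$mode, $src[SID_NAME]];
        }
    }
    return null;
}

// $store is server-side state: session ID => ['mode' => 'cookie'|'get'].
// $startMode is the site policy for NEW sessions (the admin's decision).
function resume_or_start(array &$store, string $startMode,
                         array $cookies, array $query): array {
    $p = presented_sid($cookies, $query);
    if ($p !== null && isset($store[$p[1]])) {
        [$mode, $id] = $p;
        // Mode pin: the ID must arrive the way it was first issued.
        if ($store[$id]['mode'] !== $mode) {
            return ['status' => 'rejected', 'reason' => 'mode shift'];
        }
        return ['status' => 'resumed', 'id' => $id, 'mode' => $mode];
    }
    // Unknown or missing ID: never adopt a client-supplied value,
    // always mint a fresh one and record the mode it was started in.
    $id = bin2hex(random_bytes(16));
    $store[$id] = ['mode' => $startMode];
    return ['status' => 'started', 'id' => $id, 'mode' => $startMode];
}

// Constructed requests: start in cookie mode, then present the same ID
// once as a cookie and once as a GET parameter.
$store = [];
$s   = resume_or_start($store, 'cookie', [], []);
$ok  = resume_or_start($store, 'cookie', [SID_NAME => $s['id']], []);
$bad = resume_or_start($store, 'cookie', [], [SID_NAME => $s['id']]);
echo $s['status'], ' ', $ok['status'], ' ', $bad['status'], "\n";
```

The pin only catches an ID that comes back through a different transport than the one it was issued on. An ID replayed in the pinned mode still resumes the session, which is the objection raised in the reply above.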