Re: Re: Secure pages

From: Michael Fork <mfork(at)toledolink(dot)com>
To: David Olbersen <dave(at)slickness(dot)org>
Cc: Timothy_Maguire(at)hartehanks(dot)com, Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, pgsql-php(at)postgresql(dot)org
Subject: Re: Re: Secure pages
Date: 2001-03-13 19:50:17
Message-ID: Pine.BSI.4.21.0103131449260.377-100000@glass.toledolink.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-php

not if the include file ends with a .php -- since it is in <? ?>, anybody
acessing the file from a web browser would not be able to see it.

Michael Fork - CCNA - MCP - A+
Network Support - Toledo Internet Access - Toledo Ohio

On Tue, 13 Mar 2001, David Olbersen wrote:

> On Tue, 13 Mar 2001, Michael Fork wrote:
>
> ->The easiest way in PHP that I have found is to create a file called
> ->validate.php containing the following:
> ->
> -><?
> -> if ($HTTP_COOKIE_VARS["MyCookie"] != 'Some Value') {
> -> header("Location: http://my.company.com/login");
> -> }
> ->?>
> ->
> ->and, after the user has logged in, set a cookie. Then, for each page that
> ->should be for a logged-in user only, just include the validate.php file.
>
> Boy that's not very secure...I could find your included file, see what 'Some
> Value' is, and then just make my own cookie!
>
> -- Dave
>
>

In response to

Responses

Browse pgsql-php by date

  From Date Subject
Next Message David Olbersen 2001-03-13 19:50:45 Re: Re: Secure pages
Previous Message David Olbersen 2001-03-13 19:24:03 Re: Re: Secure pages