| From: | David Olbersen <dave(at)slickness(dot)org> |
|---|---|
| To: | Michael Fork <mfork(at)toledolink(dot)com> |
| Cc: | <Timothy_Maguire(at)hartehanks(dot)com>, Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, <pgsql-php(at)postgresql(dot)org> |
| Subject: | Re: Re: Secure pages |
| Date: | 2001-03-13 19:24:03 |
| Message-ID: | Pine.LNX.4.31.0103131123200.30154-100000@bubbles.electricutopia.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-php |
On Tue, 13 Mar 2001, Michael Fork wrote:
->The easiest way in PHP that I have found is to create a file called
->validate.php containing the following:
->
-><?
-> if ($HTTP_COOKIE_VARS["MyCookie"] != 'Some Value') {
-> header("Location: http://my.company.com/login");
-> }
->?>
->
->and, after the user has logged in, set a cookie. Then, for each page that
->should be for a logged-in user only, just include the validate.php file.
Boy that's not very secure...I could find your included file, see what 'Some
Value' is, and then just make my own cookie!
-- Dave
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Fork | 2001-03-13 19:50:17 | Re: Re: Secure pages |
| Previous Message | Michael Fork | 2001-03-13 19:18:29 | Re: Re: Secure pages |