| From: | David Olbersen <dave(at)slickness(dot)org> |
|---|---|
| To: | Michael Fork <mfork(at)toledolink(dot)com> |
| Cc: | <Timothy_Maguire(at)hartehanks(dot)com>, Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, <pgsql-php(at)postgresql(dot)org> |
| Subject: | Re: Re: Secure pages |
| Date: | 2001-03-13 19:50:45 |
| Message-ID: | Pine.LNX.4.31.0103131149020.30154-100000@bubbles.electricutopia.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-php |
On Tue, 13 Mar 2001, Michael Fork wrote:
->not if the include file ends with a .php -- since it is in <? ?>, anybody
->acessing the file from a web browser would not be able to see it.
I misunderstood, I thought you meant that you would put that code in an included
file. Which anybody could get at. However the code being hidden doesn't change
that I could look for a cookie from your domain, see it's value, and still
create another cookie.
What you're all looking for is a *session based* authentication system. PHP does
this, and you can do it yourself if you have a database set up.
-- Dave
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Timothy_Maguire | 2001-03-13 20:48:29 | Re: Re: Secure pages |
| Previous Message | Michael Fork | 2001-03-13 19:50:17 | Re: Re: Secure pages |