[FX.php List] How to avoid URL counterfeiting
William Downs
william.downs at gmail.com
Thu Jun 28 05:54:16 MDT 2007
Hi guys -
excellent breadth of knowledge here, I have to say! - but a lot of
archive material to get through!
I am forced sometimes to use header: Location:
filename.php?salesId=$salesId&conID=$conID - but an inquisitive user
(or a malicious one) may of course swap out the ids - what's the best
method of not allowing this to happen? - I will log them out of
course if they try this :-)
I am thinking about setting session variables and comparing them to
the request variables, but is this the correct method?
William
--
To see victory only when it is within the ken of the common herd is
not the acme of excellence.
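
One way to do the session comparison the post asks about, as an added example that is not part of the original message: the ids are stored in the session before the redirect, and the target page accepts the request only if the URL values match them. The function names and sample ids are assumptions, and plain arrays stand in for $_SESSION and $_GET so the script runs from the command line.

```php
<?php
// Added example. remember_ids() and ids_match_session() are hypothetical
// helpers; $session stands in for $_SESSION and $request for $_GET.

/** Before the redirect: record the ids this user was given, build the URL. */
function remember_ids(array &$session, string $salesId, string $conID): string
{
    $session['allowed'] = ['salesId' => $salesId, 'conID' => $conID];
    return 'filename.php?' . http_build_query($session['allowed']);
}

/** On the target page: true only if every id equals the session copy. */
function ids_match_session(array $session, array $request): bool
{
    if (!isset($session['allowed']) || !is_array($session['allowed'])) {
        return false; // nothing was issued to this session
    }
    foreach ($session['allowed'] as $name => $expected) {
        $given = $request[$name] ?? null;
        // Reject missing values and arrays (?salesId[]=1), then compare
        // strictly so PHP's loose == type juggling cannot apply.
        if (!is_string($given) || $given !== (string) $expected) {
            return false;
        }
    }
    return true;
}

// Constructed sample run: one untouched request, one with a swapped id.
$session  = [];
$location = remember_ids($session, '1042', '77');
echo "Location: $location\n";

parse_str(parse_url($location, PHP_URL_QUERY), $honest);
$tampered = ['salesId' => '1043', 'conID' => '77'];

foreach (['honest' => $honest, 'tampered' => $tampered] as $label => $request) {
    if (ids_match_session($session, $request)) {
        echo "$label: ok, load record {$request['salesId']}\n";
    } else {
        // The post's stated reaction to tampering is to log the user out.
        $session = [];
        echo "$label: id mismatch, session cleared\n";
    }
}
```

With this scheme a second browser tab overwrites the stored ids, so an honest user with two records open would fail the check on the first tab.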