[FX.php List] How to avoid URL counterfeiting

William Downs william.downs at gmail.com
Thu Jun 28 05:54:16 MDT 2007

Hi guys -

excellent breadth of knowledge here I have to say! - but a lot of
archive material to get through!

I am forced sometimes to use header : Location:
filename.php?salesId=$salesId&conID=$conID - but an inquisitive user
(or a malicious one) may of course swap out the ids - what's the best
method of not allowing this to happen? - I will log them out of
course if they try this :-)

I am thinking about setting session variables and comparing them to
the request variables, but is this the correct method?

To see victory only when it is within the ken of the common herd is
not the acme of excellence.
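
One way to carry out the check the question asks about, as an added example that is not part of the original post: the server signs the redirect parameters with a key kept in the session and verifies the signature when the request arrives. The function names, the `url_key` session entry and the sample ids are assumptions; it goes beyond a plain session-versus-request comparison in that the ids themselves need not be stored in the session.

```php
<?php
// Added example, not from the original post. Function names and the
// 'url_key' session entry are hypothetical.

// Create one random signing key per session; it never leaves the server.
function url_key(array &$session): string {
    if (empty($session['url_key'])) {
        $session['url_key'] = bin2hex(random_bytes(32));
    }
    return $session['url_key'];
}

// Build the redirect target with an HMAC over the page and sorted parameters.
function signed_url(string $page, array $params, array &$session): string {
    ksort($params);
    $query = http_build_query($params);
    $sig = hash_hmac('sha256', $page . '?' . $query, url_key($session));
    return $page . '?' . $query . '&sig=' . $sig;
}

// On the target page: recompute the HMAC from what arrived and compare.
function verify_request(string $page, array $get, array &$session): bool {
    $sig = $get['sig'] ?? '';
    unset($get['sig']);
    if (!is_string($sig) || empty($session['url_key'])) {
        return false;   // missing/odd signature, or no key issued in this session
    }
    ksort($get);
    $expected = hash_hmac('sha256', $page . '?' . http_build_query($get),
                          $session['url_key']);
    return hash_equals($expected, $sig);   // constant-time comparison
}

// Constructed demo: $session stands in for $_SESSION, $get for $_GET.
$session = [];
$url = signed_url('filename.php', ['salesId' => 1042, 'conID' => 77], $session);
// In a real page: header('Location: ' . $url); exit;

parse_str(parse_url($url, PHP_URL_QUERY), $get);
var_dump(verify_request('filename.php', $get, $session));   // link as issued

$get['salesId'] = '1043';                                   // id changed in the URL
var_dump(verify_request('filename.php', $get, $session));   // same check again
```

A valid signature only shows that the server issued that link in this session; the target page still has to check that the logged-in user is allowed to see the record.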

