[FX.php List] This is doing my head in...

Gjermund Gusland Thorsen ggt667 at gmail.com
Sun Nov 25 11:40:55 MST 2007


The reason is that _REQUEST is not always configured to respond the
same way on all installs.

ggt667

On Nov 25, 2007 6:47 PM, Steve Winter <steve at bluecrocodile.co.nz> wrote:
> A typically cryptic, completely off the point, ggt post ;-)
>
> As I understand it, the theory of it is that it means that pages which
> require data to be posted, and are therefore capable of making changes to a
> database are more easily able to be 'hacked' if they use _REQUEST, since it
> means that someone could look at the source of your html page, determine
> variables about your database, then use a get command to 'attack' your
> database, or some such thing of that kind...
>
> In the case of that code, it's totally irrelevant, as the user has to have
> already logged in to get anywhere near that code, they will never be able to
> determine its name from the web, since it's a page which is included by a
> page which in turn was included previously, based on a series of 'upstream
> decisions'...
>
> And for the record, the problem still persists, so if anyone can see any
> reason why code that will behave correctly when accessed once round all of a
> sudden 'flips out' when it's used a short time later...
>
> Thanks
> Steve
>
> -----Original Message-----
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Dale Bengston
> Sent: Sunday, 25 November 2007 5:12 p.m.
> To: FX.php Discussion List
> Subject: Re: [FX.php List] This is doing my head in...
>
>
> Why not?
>
> Dale
>
> On Nov 25, 2007, at 3:21 AM, Gjermund Gusland Thorsen wrote:
>
> > Never use _REQUEST, use _POST or _GET
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
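
The two points made in this thread about $_REQUEST, as an added PHP example that is not code from the thread or from FX.php: the same request produces different $_REQUEST values depending on the install's merge order (the request_order ini setting, or variables_order when that is empty), and a page that changes data can instead read only from $_POST on a POST request. The helper names build_request() and post_field() are hypothetical and the request values are constructed.

```php
<?php
// Mimics how PHP fills $_REQUEST: sources are merged in the configured
// order and a later source overwrites an earlier one with the same key.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Reads a field for a data-changing page: only from the POST body, only when
// the request method really is POST, and only when the value is a string.
function post_field(string $name, string $method, array $post): ?string
{
    if (strtoupper($method) !== 'POST') {
        return null;
    }
    return (isset($post[$name]) && is_string($post[$name])) ? $post[$name] : null;
}

// Constructed request: the form posts record 12, but the URL and a cookie
// carry values under the same names.
$get    = ['record_id' => '999', 'action' => 'delete'];
$post   = ['record_id' => '12',  'action' => 'update'];
$cookie = ['record_id' => '7'];

// The same request seen through four different merge orders.
foreach (['GP', 'PG', 'GPC', 'CGP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("order %-3s => record_id=%s action=%s\n",
        $order, $request['record_id'], $request['action']);
}

// Reading explicitly gives the same answer on every install.
printf("POST request => record_id=%s\n",
    var_export(post_field('record_id', 'POST', $post), true));
printf("GET request  => record_id=%s\n",
    var_export(post_field('record_id', 'GET', $post), true));
```

In a real page the last two arguments would be $_SERVER['REQUEST_METHOD'] and $_POST.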

