Re: Re: Secure pages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



not if the include file ends with a .php -- since it is in <? ?>, anybody
acessing the file from a web browser would not be able to see it.

Michael Fork - CCNA - MCP - A+
Network Support - Toledo Internet Access - Toledo Ohio

On Tue, 13 Mar 2001, David Olbersen wrote:

> On Tue, 13 Mar 2001, Michael Fork wrote:
> 
> ->The easiest way in PHP that I have found is to create a file called
> ->validate.php containing the following:
> ->
> -><?
> ->  if ($HTTP_COOKIE_VARS["MyCookie"] != 'Some Value') {
> ->    header("Location: http://my.company.com/login";);
> ->  }
> ->?>
> ->
> ->and, after the user has logged in, set a cookie.  Then, for each page that
> ->should be for a logged-in user only, just include the validate.php file.
> 
> Boy that's not very secure...I could find your included file, see what 'Some
> Value' is, and then just make my own cookie!
> 
> -- Dave
> 
> 


---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@xxxxxxxxxxxxxx





[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux