AW: AW: how can I CALL a PHP script from different TEXT LINKS with different PARAMETERS?


 



Hi,

I totally agree with Jasper's answer.

That's why I use ONE jumpto script and GET.

I usually encrypt the given values I give over to the script and decrypt
them on receipt. That way nearly nobody can assume which values are really
given to the script.

If you want to make it rocket safe, generate a random string that you place
in a session variable for crypting and decrypting. That way the value is
different on every startup and you can be sure that you have made it when
decrypting. If someone tries to use xscripting and tries to fool your script,
at the latest the case structure would not work, because no plausible data is
received.

But who would like to xscript on a jump page, it can't harm really.

Greetings
Mirco

-----Original Message-----
From: Jasper Bryant-Greene [mailto:jasper@xxxxxxxxxxx]
Sent: Sunday, 20 November 2005 04:12
To: xkorakidis
Cc: php-general@xxxxxxxxxxxxx
Subject: Re: AW:  how can I CALL a PHP script from different TEXT
LINKS with different PARAMETERS?

xkorakidis wrote:
> Webmaster, thanks very much but I think it would be safer to do that by
> post, not by get. Furthermore, if I use individual files

It is a fallacy to ever tell someone that POST is safer than GET. They 
both transmit data in plaintext and it should not be assumed that either 
is inherently safer than the other, as this simply gives others a false 
sense of security.

The difference between POST and GET lies in the semantics -- POST 
represents something changing on the server, e.g. updating a database 
field, and allows the browser to warn the user if they try to refresh. 
GET represents nothing of importance changing on the server, e.g. 
performing a search on the database, and can safely be repeated.

SSL/TLS is the best option if you wish to transmit sensitive data.

-- 
Jasper Bryant-Greene
General Manager
Album Limited

+64 21 708 334
jasper@xxxxxxxxxxx

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
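
One way to build the single jump script discussed in this thread, as an added example that is not code from any poster: each link value is sealed with a random key held in the session, and the decrypted value must match a fixed case list before any redirect happens. Using libsodium's authenticated `secretbox` (PHP 7.2+) is an assumption, and the names `jumpto.php`, `t`, `seal_param`, `open_param`, `resolve_target` and the targets are hypothetical.

```php
<?php
// Added example, not from the thread. Names, the "t" parameter and the
// targets are hypothetical. Assumes PHP 7.2+ with the sodium extension.
declare(strict_types=1);

// Random key kept in the session, so sealed links die with the session.
function session_link_key(): string {
    if (!isset($_SESSION['link_key'])) {
        $_SESSION['link_key'] = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
    }
    return $_SESSION['link_key'];
}

// Encrypt and authenticate one value for a link: jumpto.php?t=<token>
function seal_param(string $value, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($value, $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Returns null if the token is malformed, modified, or from another session.
function open_param(string $token, string $key): ?string {
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($raw) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    return $plain === false ? null : $plain;
}

// The case structure: only known values map to a fixed, local destination.
function resolve_target(?string $value): ?string {
    switch ($value) {
        case 'news':    return '/news.php';
        case 'contact': return '/contact.php';
        default:        return null;
    }
}

session_start();
$t = is_string($_GET['t'] ?? null) ? $_GET['t'] : '';
$target = resolve_target(open_param($t, session_link_key()));
if ($target === null) { http_response_code(400); exit('Bad request'); }
header('Location: ' . $target);
```

Pages that emit links call `seal_param('news', session_link_key())` after `session_start()`. Because the redirect destinations are fixed in `resolve_target`, a forged or replayed token can only produce a 400 response, never a redirect chosen by the sender.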
