siavash1979@xxxxxxxxx wrote:
well is that a secure way? I thought if I use md5 and so on it'll make it more
secure and harder to hack.
would a table for user-fileid be good enough?
I don't really know why I thought it had to be secured, I just don't want it to
be eaily hacked.
Unless I'm not understanding your intended flow of data, it's no more or
less secure than your way, just a hell of a lot simpler. Everything
you're doing is happening on the server-side, as is everything I'm
doing. All that comes from the client-side is the username and the file
ID. Both methods have the same uncontrollable inputs and are therefore
basically the same from a security point of view.
-Stut
Quoting Stut <stuttle@xxxxxxxxx>:
siavash1979@xxxxxxxxx wrote:
<snipped a confusing idea>
Any idea if this is a good way to do this or not? any better suggestions?
is
this secured?
I'm confused. What's wrong with having a table containing a row per
file, then having another table containing the users. Add a third table
containing two fields, username and fileid, which contains one row per
user per file they've purchased. When they try to download a file you
check against that table.
Maybe I'm missing the point of all the md5 crap. If so, please enlighten me.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
