On Fri, Oct 17, 2008 at 7:14 PM, Yeti <yeti@xxxxxxxxxx> wrote: > >but whose counting :-)) > > Someone is for sure. Maybe the scheduler? > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Security is a mindset and if your data is not that important, sessions and some quick authentication checks are fine. If you're like me and the application is used by large international retailers and your data included PII (personal identity information) and PCI (credit card) then is far more important and needs to be handled appropriately. If it eats up more CPU cycles to better validate the user and their application authentication, so be it. In my case, its better to be safe than sorry. Those mistakes could get very expensive -- Bastien Cat, the other other white meat
