> -----Original Message-----
> From: APseudoUtopia [mailto:apseudoutopia@xxxxxxxxx]
> Sent: Wednesday, December 10, 2008 9:12 AM
> To: tedd
> Cc: ash@xxxxxxxxxxxxxxxxxxxx; PHP General
> Subject: Re: how to not show login info in the url ...what am I looking for?
>
> On Wed, Dec 10, 2008 at 10:03 AM, tedd <tedd.sperling@xxxxxxxxx> wrote:
> > At 9:52 PM +0000 12/9/08, Ashley Sheridan wrote:
> >>
> >> You shouldn't be passing info like that over the URL; use sessions
> >> instead.
> >>
> >> I saw a shopping cart system once that passed the price of items over
> >> the URL, and when I found out and alerted them, we won the contract for
> >> a rebuild and then got accused of hacking by their previous web guys
> >> (who incidentally built the system!)
> >
> > Ash:
> >
> > Even if you did hack the site, all that means is that site was hack-able and
> > thus should have been fixed anyway.
> >
> > In my mind, hacking a site (without doing damage) is a good introduction to
> > a client.
>
> *Ahem*....You mean 'cracking'? :-P

IMHO...

Cracking: breaking encryption/obfuscation methods in order to gain unauthorized access to information. "I cracked the admin's password using a brute force algorithm."

Hacking: circumvent or leverage security flaws in order to gain unauthorized access to information. For example - "I hacked into the Gibson by re-routing their logon routine." (No, that doesn't make any sense. Maybe it's straight out of the movie "Hackers.")

I realize that people have been using "cracker" as a malicious form of "hacker," and that a "hacker" is not malicious; but that is stupid. Cracking started out dealing with cryptography in my experience, and that's how I will continue to identify it. Think about it--people were "safe crackers" (discovering the combination to safety deposit boxes) before there were computers in existence.

My 2c,

// Todd