Re: How to secure this

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael A. Peters wrote:
John Allsopp wrote:

Well no they are not logged in, it's just an embedded iframe so that's my main issue with my method, anyone could look at the web page source, pinch the URL of the iframe and they'd have the username and password.

I think the only way to do it is to make a key per referring url and use the key as a get variable.

Either the referring url matches the key or it doesn't.

That should work with an object/iframe embedding of a resource, browsers by default send the referrer header.

Except when the object is handled by a plugin, they are notorious for not sending that header (and thus IMHO are broken). But it sounds like the resource you are providing is not requested by a plugin.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux