At 4:51 AM -0800 11/17/10, Don Wieland wrote:
Hello all,
I have recently built a site using PHP. I was a little loose with
GET and POST methods because I was using it for personal/private
use. Now I am thinking of going public and allow different companies
to use the site. I want to secure and hide as much data as possible
to guard against user abuse.
I have several instances where I use the GET method to pass IDS. I
can use a POST but even that is visible in the source. How does one
allow for processing but never really let the user see that actual
ID? Do I use a HASH for IDs? Do I need to get more familiar with
SESSION VARS.
I am doing some experimenting. Any words of wisdom or resources
would be helpful. Thanks!
Don Wieland
Don:
Buy: Essential PHP Security by Chris Shiflet
Well worth the money.
Cheers
tedd
--
-------
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
