> Hey DF,
> the hash works as a protection. If i dont use a hash, anybody can start
> trying out every single download like this:
>
> www.foo.com/get.php?id=1
> www.foo.com/get.php?id=2
> www.foo.com/get.php?id=3
> ...
> www.foo.com/get.php?id=59
> etc.
>
> With the hash i know the will be able to download the proper file ONLY
> from the proper link.
But, if you can control it, hash isn't really secure... you must have some
session vars letting user download some files...
in proper referer you set a ticket and in "get.php" you can check the
ticket...
regards!
--
José Miguel Santibáñez
jms@xxxxxxxxx
------------------------ Yahoo! Groups Sponsor --------------------~-->
Protect your PC from spy ware with award winning anti spy technology. It's free.
http://us.click.yahoo.com/97bhrC/LGxNAA/yQLSAA/saFolB/TM
--------------------------------------------------------------------~->
PHP Data object relational mapping generator
http://www.metastorage.net/
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-objects/
<*> To unsubscribe from this group, send an email to:
php-objects-unsubscribe@xxxxxxxxxxxxxxx
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
