So now the hacker has to guess 'whatever' and 'whatever', right? Why not
just use uniqid() and md5() to create a truly random unique id, so
there's no chance of "guessing right"...

---John Holmes...

> -----Original Message-----
> From: Leif K-Brooks [mailto:eurleif@buyer-brokerage.com]
> Sent: Sunday, December 01, 2002 10:55 PM
> To: holmes072000@charter.net
> Cc: php-db@lists.php.net
> Subject: Re: Making field concat of autoincrement column and
> other values?
>
> I'm trying to make a customised session system (I could use PHP's
> built-in one, but I need a lot more control than it offers). I could
> use the autoincremented id in a cookie, but it would be easy for a
> hacker to change the cookie to gain access to others' data.
>
> John W. Holmes wrote:
>
> >>I could concat when selecting, but it will be used in the where clause
> >>(it is necessary to do it like this, I'm also md5ing it but forgot to
> >>mention that), and I'm guessing it would be bad for the server to have
> >>to concat and md5 in the where clause.
> >>
> >
> >Yeah, I guess so. This all begs the question though of why you're doing
> >all of this in the first place...
> >
> >---John Holmes...
> >
>
> --
> The above message is encrypted with double rot13 encoding. Any
> unauthorized attempt to decrypt it will be prosecuted to the full extent
> of the law.
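
An added example, not code from the thread: one way to build the session lookup discussed above, with the cookie carrying a random token from random_bytes() (used here in place of the uniqid()/md5() pair mentioned, since uniqid() is derived from the clock) and the database storing only its SHA-256 hash in an indexed column, so the WHERE clause needs no concat or hashing. The sessions table, its columns and the function names are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example. Table, column and function names are assumptions;
// SQLite in memory stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    token_hash TEXT    NOT NULL UNIQUE,   -- UNIQUE also creates the lookup index
    user_id    INTEGER NOT NULL,
    expires_at INTEGER NOT NULL)');

function create_session(PDO $db, int $userId, int $ttl = 3600): string
{
    // 256 bits from the operating system CSPRNG, hex-encoded for the cookie.
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    // Only the hash is stored, so a leaked table does not yield usable cookies.
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

function find_session_user(PDO $db, string $cookie): ?int
{
    // Reject anything that is not exactly 64 lowercase hex characters
    // (a bare autoincrement id, for instance) before touching the database.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return null;
    }
    // The hash is computed once in PHP, so the WHERE clause is a plain
    // equality on an indexed column: no concat or md5 per row on the server.
    $stmt = $db->prepare(
        'SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $cookie), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Constructed sample run: one valid cookie, then two that must not match.
$cookie = create_session($db, 42);
var_dump(find_session_user($db, $cookie));              // token just issued
var_dump(find_session_user($db, '2'));                  // guessed row id
var_dump(find_session_user($db, str_repeat('0', 64)));  // well-formed, unknown
```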