NYCPHP Meetup

[nycphp-talk] <a href> vs. <form> request

Chris Shiflett shiflett at php.net
Thu Apr 17 11:35:46 EDT 2003


--- "Bhulipongsanon, Pinyo" <Pinyo.Bhulipongsanon at usa.xerox.com> wrote:
> Hi Chris,
> 
> Thanks.  How would you tighten it up?
> 
> Pinyo

Well, I'm not sure what you're wanting to do exactly. In general, I try to
focus most of my creative thinking on two things:

1. Storing everything that isn't necessary for client identification on the
server (such as in a session) and trusting nothing from the client.
2. Making it very difficult for someone to impersonate another user.

If you tell me your primary concern(s), I might be able to offer some
suggestions.

Chris
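
Added example, not part of the original message or thread: a PHP illustration of the two points in the reply above, with privilege decisions taken from server-side session data whether the request arrives via <a href> or <form>, and with the session identifier hardened against theft and fixation. The function names, the 'role' and 'account_id' fields, and the sample values are hypothetical; the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example; function and field names are hypothetical.

// Point 2: make the session identifier hard to steal or fixate.
function start_hardened_session(): void {
    ini_set('session.use_strict_mode', '1');  // reject ids the server never issued
    ini_set('session.use_only_cookies', '1'); // never accept the id from a URL
    session_set_cookie_params([
        'httponly' => true,   // not readable from client-side script
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',  // withheld on most cross-site requests
    ]);
    session_start();
}

// Call only after credentials were verified and the session was started.
function log_in(int $userId, string $role): void {
    session_regenerate_id(true);     // fresh id whenever privilege changes
    $_SESSION['user_id'] = $userId;  // Point 1: state stays on the server
    $_SESSION['role']    = $role;
}

// Point 1: $request is $_GET (link) or $_POST (form); both are untrusted.
// Identity and role come from the session only.
function authorize_delete(array $session, array $request): bool {
    if (!isset($session['user_id'], $session['role'])) {
        return false;                              // not logged in
    }
    $target = filter_var($request['account_id'] ?? null, FILTER_VALIDATE_INT);
    if ($target === false) {
        return false;                              // missing or malformed id
    }
    // $request['role'] and $request['user_id'] are deliberately never read.
    return $session['role'] === 'admin' || $target === $session['user_id'];
}

// Constructed sample data: member 7 sends forged role and user_id fields.
if (PHP_SAPI === 'cli') {
    $session = ['user_id' => 7, 'role' => 'member'];
    $forged  = ['account_id' => '42', 'role' => 'admin', 'user_id' => '42'];
    var_dump(authorize_delete($session, $forged));               // forged fields ignored
    var_dump(authorize_delete($session, ['account_id' => '7'])); // own account
}
```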


