[nycphp-talk] <a href> vs. <form> request

Chris Shiflett shiflett at
Thu Apr 17 11:35:46 EDT 2003

--- "Bhulipongsanon, Pinyo" <Pinyo.Bhulipongsanon at> wrote:
> Hi Chris,
> Thanks.  How would you tighten it up?
> Pinyo

Well, I'm not sure what you're wanting to do exactly. In general, I try to
focus most of my creative thinking on two things:

1. Storing everything that isn't necessary for client identification on the
server (such as in a session) and trusting nothing from the client.
2. Making it very difficult for someone to impersonate another user.

If you tell me your primary concern(s), I might be able to offer some


More information about the talk mailing list