[nycphp-talk] Denying multiple logins to restricted pages
nyphp at enobrev.com
Thu Feb 27 12:40:49 EST 2003
Nothing yet.. As I said the script I've created still requires some
debugging. Covering the code end is simple as it's running regex on all
incoming text and only using what it understands, which are xml formatted
instructions, such as <message /> <login /> and <logout />. On the hardware
end, I haven't gotten that far yet.
So basically, any code can get in, but only the correct code is used.
From: Christopher R. Merlo [mailto:cmerlo at turing.matcmp.ncc.edu]
Sent: Thursday, February 27, 2003 12:22 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Denying multiple logins to restricted pages
On 2003-02-27 12:15 -0500, Mark Armendariz <nyphp at enobrev.com> wrote:
> But in reading this I also remembered another solution that came to
> mind, which I had never actually tried, but thought might work well.
> On one of my side projects, I had created a socket based chat. The
> backend is php (I started it with perl, but i'm more comfortable with
> php). It basically runs in the bg on my server waiting for socket
> connections to a specific port. The chat client is using flashmx'
> socket goodies (using xml_sockets for those keeping score).
Pardon my limited understanding, but doesn't socket use open the door to
potential security risks? What kind of stuff did you put in place to make
sure that only the code you want gains access on that socket? -Chris
cmerlo at turing.matcmp.ncc.edu http://turing.matcmp.ncc.edu/~cmerlo
Windows: When it absolutely, positively has to crash overnight.
--- Unsubscribe at http://nyphp.org/list/ ---
More information about the talk