[nycphp-talk] NEW PHundamentals Question

jon baer jonbaer at jonbaer.net
Mon Feb 9 22:05:47 EST 2004


the last method was session hashing for the page to create a unique entry
token and then hiding it ...

<input type="hidden" name="priv_key" value="32-bit/md5">

if the sessions + keys didn't match you would know they came from somewhere
else.  I think the real key is just to have something unique in your POST as
to distinguish it from something else.  this method is actually pretty
similar to using the graphic except the server does the work.  one time keys
work for pretty much anything.

I'm guessing cookie dropping can work as well since they would have to come
from @ least one entry page on your website before spotting the
registration.  would be interested in what the php security cookbook has to
say about this :-)

- jon

----- Original Message -----
From: "Jeff Siegel" <jsiegel1 at optonline.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, February 09, 2004 9:58 PM
Subject: Re: [nycphp-talk] NEW PHundamentals Question


> That's one method that's growing in popularity.
> Prior to using this method, was there another method that you've used?
>
> Jeff
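
The session-plus-hidden-field check described in the message above, as an added example that is not code from the thread. The function names, the `form_tokens` session key and the `$session` array standing in for `$_SESSION` are assumptions, and the token comes from `random_bytes()` rather than an md5 hash.

```php
<?php
// Added example: one-time form token held server-side and echoed back in a hidden field.
// $session stands in for $_SESSION so the script also runs from the CLI (assumption).

function issue_form_token(array &$session, string $form): string
{
    // 128 random bits as 32 hex characters, the same length as an md5 string.
    $token = bin2hex(random_bytes(16));
    $session['form_tokens'][$form] = $token;
    return $token;
}

function render_hidden_field(string $token): string
{
    // Field name priv_key is the one used in the message.
    return '<input type="hidden" name="priv_key" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

function check_form_token(array &$session, string $form, array $post): bool
{
    $expected = $session['form_tokens'][$form] ?? null;
    // One-time key: the stored token is spent on the first check, pass or fail.
    unset($session['form_tokens'][$form]);

    $given = $post['priv_key'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        // No entry page was visited in this session, or the field is missing or not a string.
        return false;
    }
    // Constant-time comparison of the session copy and the posted copy.
    return hash_equals($expected, $given);
}

// Constructed demo: entry page issues the token, then three submissions arrive.
$session = [];
$token = issue_form_token($session, 'register');
echo render_hidden_field($token), "\n";

$post = ['priv_key' => $token];
var_dump(check_form_token($session, 'register', $post)); // form submitted from the entry page
var_dump(check_form_token($session, 'register', $post)); // the same POST replayed
var_dump(check_form_token($session, 'register', ['priv_key' => str_repeat('0', 32)])); // POST built elsewhere
```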
