Article:   Ten Security Checks for PHP, Part 1
Subject:   Register Globals on
Date:   2003-05-26 11:13:56
From:   anonymous2
Response to: Register Globals on

Using POST instead of GET does not secure any script at all. Imagine creating your custom form on your local machine and directing the action to http://www.somwhere.net/someaction.php

  • Register Globals on
    2007-03-01 11:52:54  andrwe

    My method for securing where POST data comes from is thus:

    $referer = $_SERVER['HTTP_REFERER'];
    if ($referer != "http://www.domain.com/form.html") {
        echo "nice try!";
    } else {
        process_form();
    }

    Any downside to that (other than having to change the URL upon upload)?
  • Register Globals on
    2003-09-26 17:58:53  anonymous2

    How do you turn it on?
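
Added example, not part of the thread or the article: the Referer header that the 2007 reply compares against is supplied by the client and is often absent, so a common server-side alternative is a random per-session token embedded in the form and checked on submit. The function names and the `form_token` field are hypothetical; in a real script `$_SESSION` and `$_POST` take the place of the constructed arrays.

```php
<?php
// Added example: session-bound form token instead of a Referer comparison.
// issue_form_token(), verify_form_token() and 'form_token' are hypothetical names.

// Create a fresh random token, keep it server-side, return it for the form.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Accept a submission only if it carries the token issued to this session.
function verify_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $supplied = $post['form_token'] ?? '';
    unset($session['form_token']);            // single use: a replay fails
    if ($expected === '' || !is_string($supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed demonstration so the file runs from the command line.
$session = [];

// Serving form.html: embed the token as a hidden field.
$token = issue_form_token($session);
echo '<input type="hidden" name="form_token" value="',
     htmlspecialchars($token), '">', "\n";

// Constructed submission that came from the served form.
$fromOwnForm = ['name' => 'alice', 'form_token' => $token];
var_dump(verify_form_token($session, $fromOwnForm));

// Same submission sent a second time: the token was already consumed.
var_dump(verify_form_token($session, $fromOwnForm));

// Constructed submission from a form that was not served by this site.
issue_form_token($session);
$fromElsewhere = ['name' => 'alice'];
var_dump(verify_form_token($session, $fromElsewhere));
```

The token only shows that the submission follows a form served in the same session; every field value still needs server-side validation, which is the point the first message makes about POST.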