Re: PHP

From: Nathan Cook (security@pcsedu.com)
Date: 09/03/01


Message-ID: <003d01c13440$107d8f60$a300000a@pcsedu.com>
From: "Nathan Cook" <security@pcsedu.com>
To: <secprog@securityfocus.com>
Subject: Re: PHP
Date: Mon, 3 Sep 2001 00:15:45 -0600

Hello!

> From: <teo@gecadsoftware.com>
> To: <secprog@securityfocus.com>
> yep, but such a page would have to know what is needed or not on a page, so it
> would become a `fat server' to say so, keeping the track of all pages.

More or less. I would just restrict where the variables can come from, i.e., it
is easier to fake GET vars and cookie vars than POST vars. You may be
able to get even more creative and strrev() (string reverse) all the variables,
or even encrypt and decrypt before and after sending, with HTTP_PREPEND and
HTTP_APPEND to run before and after the script.

The http_prepend and http_append just open up a lot of doors of opportunity for
such encryption.

Hope that helps!

Nathan Cook
ncook@pcsedu.com
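
An added example, not part of the original message: a prepend script, loaded through PHP's `auto_prepend_file` setting, that takes request variables only from the POST body and only under names declared for the requested script. The `ALLOWED` table, the script names, the field patterns and the `$INPUT` variable are hypothetical. Restricting the source does not make the values trustworthy, since a client can send any POST body, so each field is still validated.

```php
<?php
// prepend.php: constructed example, loaded via auto_prepend_file in php.ini.
// Hypothetical per-script allowlist: field name => validation pattern.
const ALLOWED = [
    'login.php'  => ['user' => '/^[a-z0-9_]{1,32}$/iD', 'pass' => '/^.{8,128}$/sD'],
    'search.php' => ['q'    => '/^[\w \-]{1,64}$/uD'],
];

/**
 * Return only the declared POST fields for $script, each validated.
 * Throws on an unknown script, an undeclared field, or a bad value.
 */
function filtered_input(string $script, array $post): array
{
    if (!isset(ALLOWED[$script])) {
        throw new RuntimeException("no input declared for $script");
    }
    $rules = ALLOWED[$script];
    $extra = array_diff_key($post, $rules);
    if ($extra) {
        throw new RuntimeException('undeclared field: ' . implode(',', array_keys($extra)));
    }
    $clean = [];
    foreach ($rules as $name => $pattern) {
        $value = $post[$name] ?? null;
        // Arrays (user[]=x) and missing fields are rejected, not coerced.
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new RuntimeException("invalid or missing field: $name");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input for a stand-alone run from the command line.
    var_dump(filtered_input('search.php', ['q' => 'secure programming']));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $INPUT = filtered_input(basename($_SERVER['SCRIPT_NAME']), $_POST);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Bad request');
    }
} else {
    $INPUT = []; // non-POST requests carry no accepted variables
}
```

Scripts behind this prepend file read `$INPUT` only and never `$_GET`, `$_COOKIE` or `$_REQUEST`, which is what confines input to the declared POST fields.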


