FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » FUDforum » FUDforum Suggestions » Semi-bug, slight misdesign? GET requests.
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Semi-bug, slight misdesign? GET requests. [message #14169 is a reply to message #14143] Thu, 06 November 2003 18:24 Go to previous messageGo to previous message
Anonymous   United States
I wasn't concerned with security as much as I was about the behavior of browsers or proxies submitting more than one GET request for a resource that alters something permanently.


Regarding security, what I do now is something like this(generalized example):


<a href=" http://somewhere.net/somescript.php?action=lock&thread=4&k={special id}">

Where specialid is the md5sum of the session id, remote ip address, and some other unique things.

Then if the value of "k" read in somescript.php does not equal to the calculated special id, the request is denied.

I do something similar to this with POST requests. I guess it would be vaguely similar to using the verification aspects of URL sessions.

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: XML/RSS buttons for easy syndication of forum content
Next Topic: Capture post title when going from thread-->PM create
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Jul 03 14:12:13 GMT 2024

Total time taken to generate the page: 0.04432 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software