Re: Re: Secure pages

On Tue, 13 Mar 2001, Michael Fork wrote:

->The easiest way in PHP that I have found is to create a file called
->validate.php containing the following:
->
-><?
->  if ($HTTP_COOKIE_VARS["MyCookie"] != 'Some Value') {
->    header("Location: http://my.company.com/login");
->  }
->?>
->
->and, after the user has logged in, set a cookie.  Then, for each page that
->should be for a logged-in user only, just include the validate.php file.

Boy that's not very secure...I could find your included file, see what 'Some
Value' is, and then just make my own cookie!

-- Dave


---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)