 |
 |
 |
 |
|
|
Date: 07/15/00
- Next message: Kristian Koehntopp: "Re: [phplib] local.inc problem and non- existant classes errors"
- Previous message: Eric Ries: "[phplib] bug in serialize()"
- In reply to: Jim Ide: "[phplib] How to detect cookies and javascript"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In netuse.lists.phplib you write:
>1. phplib uses cookies to pass the session id, and falls back
> to GET. How can I force users to use cookies and NOT allow
> GETs?
In your session subclass, set $mode = "cookie", and set
$fallback_mode empty.
>can NEVER be sent to the server? In other words, I want to print an error
>message on the user's browser if it won't run javascript, and instruct the
>user to upgrade to a newer browser.
If you try this out on the internet, many users will not be able
to use your site, as Javascript, Java and ActiveX are filtered
on many firewalls for security reasons or are turned off in the
browser. Additionally, this is not really secure, as there is
not proof of authenticity from the server. Man in the
middle-Attacks are still possible.
If you want a secure server, set one up and use https:// to
access it. This is a much better approach that what PHPLIB does.
Kristian
---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>
- Next message: Kristian Koehntopp: "Re: [phplib] local.inc problem and non- existant classes errors"
- Previous message: Eric Ries: "[phplib] bug in serialize()"
- In reply to: Jim Ide: "[phplib] How to detect cookies and javascript"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]