[nycphp-talk] <a href> vs. <form> request
Chris Shiflett
shiflett at php.net
Thu Apr 17 11:35:46 EDT 2003
--- "Bhulipongsanon, Pinyo" <Pinyo.Bhulipongsanon at usa.xerox.com> wrote:
> Hi Chris,
>
> Thanks. How would you tighten it up?
>
> Pinyo

Well, I'm not sure what you're wanting to do exactly. In general, I try to
focus most of my creative thinking on two things:

1. Storing everything that isn't necessary for client identification on the
   server (such as in a session) and trusting nothing from the client.
2. Making it very difficult for someone to impersonate another user.

If you tell me your primary concern(s), I might be able to offer some
suggestions.

Chris