[nycphp-talk] Tamperproof URLs and PHP slides posted

John Campbell jcampbell1 at gmail.com
Wed Dec 12 12:19:24 EST 2007


Thanks Nick,

I'll take some measures to obfuscate the "secret", but I just realized
I have another potential hole.  There is nothing to prevent someone
from actually getting a high score, then replaying the request to get
all of the top positions.  I suppose the solution is to have the
server create a random string, save it on the server, send it to the
client, and use the token as another element of the checksum.  Then
once the score is saved, the token is deleted from the server.  I
think that will work, but now I am starting to feel sorry for the next
guy that has to figure out what the hell my code is doing. :)

Cheers,
John Campbell
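
The one-time token scheme described in the message above, sketched as an added example that is not part of the original post or the poster's code. The function names, the placeholder secret and the in-memory array standing in for server-side storage (a session or database table in practice) are assumptions, and this sketch consumes the token as soon as it is presented rather than after the score is saved.

```php
<?php
// Added example: all names and values here are constructed for illustration.
const SHARED_SECRET = 'constructed-demo-secret'; // placeholder, not a real key

// Server: create a random one-time token and remember it until it is used.
function issueToken(array &$pending): string
{
    $token = bin2hex(random_bytes(16));
    $pending[$token] = time(); // issue time, usable for expiring stale tokens
    return $token;
}

// Checksum that binds the score to the token, so neither can be swapped.
function checksum(int $score, string $token): string
{
    return hash_hmac('sha256', $score . '|' . $token, SHARED_SECRET);
}

// Server: accept a score only once per issued token.
function submitScore(array &$pending, array &$scores, int $score, string $token, string $sum): bool
{
    if (!isset($pending[$token])) {
        return false; // unknown or already used token, i.e. a replay
    }
    unset($pending[$token]); // consume the token before doing anything else
    if (!hash_equals(checksum($score, $token), $sum)) {
        return false; // score or token was altered after the checksum was made
    }
    $scores[] = $score;
    return true;
}

$pending = [];
$scores  = [];
$token   = issueToken($pending);
$sum     = checksum(9000, $token);

var_dump(submitScore($pending, $scores, 9000, $token, $sum)); // first submission
var_dump(submitScore($pending, $scores, 9000, $token, $sum)); // same request replayed
var_dump(submitScore($pending, $scores, 9000, issueToken($pending), $sum)); // old checksum, fresh token
var_dump(count($scores)); // number of scores actually saved
```

Only the first submission is stored; the replay fails because its token is gone, and the old checksum fails against a fresh token because the token is part of the signed data.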


