Checking the HTTP method that was used to invoke your script is also a good security practice, and it helps to harden your applications against unwanted breaches. If your application expects POST requests, then don't allow your script to be invoked with a GET request. For example:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // your code goes here
}
else {
    // any method other than POST is refused
    echo " Hacking Attempt ";
    exit;
}
Another thing you can do is check where the script is being invoked from. The server variable $HTTP_SERVER_VARS['HTTP_REFERER'] contains the previous web page location. This can be very helpful in blocking security problems, if you know your target audience. That being said, there are a couple of caveats. A hacker experienced in security intrusions may be able to spoof this value to make it SEEM as if they came from the proper location. Also, personal firewalls such as Norton Personal Firewall or Zone Alarm block the referrer value by default. In that case, the client browsers don't return any value for $HTTP_SERVER_VARS['HTTP_REFERER']. So while this can be a great tool to secure your scripts, it can also be virtually useless.
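The two checks combined, as an added example that is not code from the original article: it rejects non-POST requests, then treats the referrer as a hint only, since the value may be missing or forged. It reads $_SERVER as the first snippet does ($HTTP_SERVER_VARS was removed in PHP 5.4); the function name check_request, the host www.example.com and the sample requests are assumptions constructed for illustration.

```php
<?php
/**
 * Decide how to treat a request from its method and Referer header.
 * Returns [HTTP status, note]. check_request() is a hypothetical helper.
 */
function check_request(array $server, string $allowedHost): array
{
    // Refuse anything that is not POST; 405 is the standard status for this.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'method not allowed'];
    }

    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        // Personal firewalls and privacy settings strip the header, so a
        // missing value cannot be treated as hostile without locking out users.
        return [200, 'referer absent: accepted, origin unverified'];
    }

    // Compare the parsed host exactly. A substring test would also accept
    // a look-alike such as http://www.example.com.other.test/.
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, $allowedHost) !== 0) {
        return [403, 'referer host mismatch'];
    }

    // A matching value is still client-supplied and can be forged.
    return [200, 'referer matches: accepted, but not proof of origin'];
}

// Constructed sample requests (not real traffic).
$samples = [
    ['REQUEST_METHOD' => 'GET'],
    ['REQUEST_METHOD' => 'POST'],
    ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://www.example.com/form.php'],
    ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://www.example.com.other.test/form.php'],
];

foreach ($samples as $s) {
    [$status, $note] = check_request($s, 'www.example.com');
    printf("%-4s %-44s => %d %s\n", $s['REQUEST_METHOD'], $s['HTTP_REFERER'] ?? '(none)', $status, $note);
}
```

Because neither outcome of the referrer check proves where a request came from, it is suited to logging and coarse filtering rather than to being the only gate on a state-changing action.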
http://www.devshed.com/c/a/PHP...riables/3/