security concerns (on fopen script)
Posted: Fri Sep 03, 2004 2:48 am
Hi
I read a lot about sessions and how to make a secure area for sensitive data use. But when it comes down to a simple question I can't explain it to myself.
I have two pages. One displays a few documentlinks which directs to a second page , that handles the fopen filestream to the client.So what is the best way to transmit the information about this document (path, filename and username) to the second page (where I have to check if info is valid).
Do I save this info in the session and recall it in the second script page or do I transmit it with GET parameters ? or is there even a better, more secure way ? I thought about maybe encrypting parameters. Some function similar to the mySql function in php.
But I haven't found one.
-----------------------
In general I want to take following things into consideration
- SSL
- WWW Auth
- Session Handling
Do I miss something important for more security ?
Thx for the great support _yak
I read a lot about sessions and how to make a secure area for sensitive data use. But when it comes down to a simple question I can't explain it to myself.
I have two pages. One displays a few documentlinks which directs to a second page , that handles the fopen filestream to the client.So what is the best way to transmit the information about this document (path, filename and username) to the second page (where I have to check if info is valid).
Do I save this info in the session and recall it in the second script page or do I transmit it with GET parameters ? or is there even a better, more secure way ? I thought about maybe encrypting parameters. Some function similar to the mySql function in php.
Code: Select all
ENCODE(str,pass_str)
DECODE(crypt_str,pass_str)-----------------------
In general I want to take following things into consideration
- SSL
- WWW Auth
- Session Handling
Do I miss something important for more security ?
Thx for the great support _yak