PHP is nice.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Genteel Beaux
Forum Commoner
Posts: 28
Joined: Wed Nov 13, 2002 4:07 pm
Location: Alabama

PHP is nice.

Post by Genteel Beaux »

I have only been working with PHP for about a month and I already have a working web application built that I am thinking about putting online. It is pretty much a message board. I develop intranet ASP web applications for my current job so I am not that experience when it comes to developing internet web applications. Are there any security issues I need to be aware of before putting my site on the internet particularly, a php/mysql/apache based web app? Also, when would I want to use session variables vs just passing an user key or something from page to page through hidden input fields? On some of projects at work, we are getting a lot of errors due to session issues. I am trying not to use session variables if I don't have to.
User avatar
horgh
Forum Newbie
Posts: 23
Joined: Mon Oct 21, 2002 9:50 am
Location: GER
Contact:

Post by horgh »

passing user keys etc. through hidden fields is submitting it in plain text. so it is vulnerable to packet sniffing etc. if you dont use a secure transport method like ssl
encoding userdata in sessions is the much better and elegant way
User avatar
mydimension
Moderator
Posts: 531
Joined: Tue Apr 23, 2002 6:00 pm
Location: Lowell, MA USA
Contact:

Post by mydimension »

Genteel, i deleted your duplicate post to avoid confusion.
Genteel Beaux
Forum Commoner
Posts: 28
Joined: Wed Nov 13, 2002 4:07 pm
Location: Alabama

Post by Genteel Beaux »

mydimension,

No problem.


horgh,

How do I encode the data?
Post Reply