Page 1 of 1

PHP is nice.

Posted: Mon Dec 02, 2002 2:59 pm
by Genteel Beaux
I have only been working with PHP for about a month and I already have a working web application built that I am thinking about putting online. It is pretty much a message board. I develop intranet ASP web applications for my current job so I am not that experience when it comes to developing internet web applications. Are there any security issues I need to be aware of before putting my site on the internet particularly, a php/mysql/apache based web app? Also, when would I want to use session variables vs just passing an user key or something from page to page through hidden input fields? On some of projects at work, we are getting a lot of errors due to session issues. I am trying not to use session variables if I don't have to.

Posted: Mon Dec 02, 2002 3:02 pm
by horgh
passing user keys etc. through hidden fields is submitting it in plain text. so it is vulnerable to packet sniffing etc. if you dont use a secure transport method like ssl
encoding userdata in sessions is the much better and elegant way

Posted: Mon Dec 02, 2002 5:42 pm
by mydimension
Genteel, i deleted your duplicate post to avoid confusion.

Posted: Mon Dec 02, 2002 5:45 pm
by Genteel Beaux
mydimension,

No problem.


horgh,

How do I encode the data?