Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Moderator: General Moderators
murlopaz
Forum Commoner
Posts: 60 Joined: Wed Oct 11, 2006 5:02 pm
Location: Baltimore, MD, USA
by murlopaz » Fri Feb 23, 2007 8:06 am
Are sessions more secure than hidden values passed through POST?
In my opinion yes, since a hacker that knows the name of the variable that is passed can spoof the form submission.
What do you think?
superdezign
DevNet Master
Posts: 4135 Joined: Sat Jan 20, 2007 11:06 pm
by superdezign » Fri Feb 23, 2007 8:46 am
Server-side is always more secure than client-side.
Get Firebug and try editing HTML on a page. Hidden fields are barely secure at all.
Tommy1402
Forum Newbie
Posts: 23 Joined: Tue Oct 03, 2006 4:33 am
Location: bandung
by Tommy1402 » Fri Feb 23, 2007 11:23 pm
Sorry if this question sounds silly...
but what is the benefit of using a hidden value?
Thanks
nickvd
DevNet Resident
Posts: 1027 Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
by nickvd » Sat Feb 24, 2007 2:45 am
Tommy1402 wrote: Sorry if this question sounds silly...
but what is the benefit of using a hidden value?
Thanks
It's a quick and dirty way of transferring data from one page to the next... sessions are almost always the best choice...
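The difference discussed in this thread, as an added example that is not part of any poster's message: a two-step checkout that carries its state in a hidden field beside one that keeps it in the session. The item name, prices and function names are constructed for illustration, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example; all names and values here are constructed, not from the thread.
const PRICES = ['widget' => 1999]; // server-side price list, in cents

// Hidden-field variant: step 1 rendered
//   <input type="hidden" name="price" value="1999">
// and step 2 trusts whatever value comes back in the POST body.
function checkoutFromPost(array $post): int {
    return (int) $post['price'];
}

// Session variant, step 1: the state is stored on the server only.
function startCheckout(array &$session, string $item): void {
    if (!array_key_exists($item, PRICES)) {
        throw new InvalidArgumentException('unknown item');
    }
    $session['checkout'] = ['item' => $item, 'price' => PRICES[$item]];
}

// Session variant, step 2: POST only confirms; the price is read from the session.
function checkoutFromSession(array $session, array $post): int {
    if (empty($session['checkout']) || empty($post['confirm'])) {
        throw new RuntimeException('no checkout in progress');
    }
    return $session['checkout']['price'];
}

// Constructed request: the hidden price was edited in the browser before submit.
$tamperedPost = ['item' => 'widget', 'price' => '1', 'confirm' => '1'];

$session = []; // stands in for $_SESSION
startCheckout($session, 'widget');

printf("hidden field: charged %d cents\n", checkoutFromPost($tamperedPost));
printf("session:      charged %d cents\n", checkoutFromSession($session, $tamperedPost));
```

The same tampered POST body changes the amount in the hidden-field handler and has no effect on the session handler, because the browser only ever holds the session identifier.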