I'm all in a security funk right now so I'm going through making everything as secure as possible. I got a login going and I'm referencing this:
http://www.addedbytes.com/writing-secure-php/writing-secure-php-1/
The first example is that of a login, and if you say ?authorization=1 you get in. But if I wrap my code around an if($_POST), then the user MUST make a post. Can a user fake a $_POST? How do I go about faking a $_POST?
A user can simply create a file on their local machine with:
<form action="http://yoursite.com/login.php" method="post">
<input type="text" name="username" value="hahaha faked it!" />
<input type="text" name="password" value="hee hee you can't tell this is fake" />
<input type="submit">
</form>
and boom, "fake" post. In other words, you have to assume that anything and everything the user sends is potentially fake.
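Added example, not part of the question or the answer above: a login.php that follows the answer's advice. Checking the request method is only a routing decision; the only thing that grants access is a credential check on the server, recorded in the server-side session. The $users array, the hypothetical dashboard.php redirect target and the sample password are constructed for the demo.

```php
<?php
// Added example: a login handler that never treats "this was a POST" or any
// client-supplied flag as proof of authorization.
session_start();

// Constructed sample user store standing in for a database lookup.
// The hash is generated at runtime here purely so the demo is self-contained.
$users = [
    'alice' => password_hash('correct horse', PASSWORD_DEFAULT),
];

// Returns true only if the user exists and the password matches its stored hash.
// Unknown user and wrong password produce the same result, so nothing leaks.
function authenticate(array $users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    return password_verify($password, $users[$username]);
}

// Call this at the top of any protected page: it consults the session,
// never the request, because every byte of the request comes from the client.
function requireLogin(): void
{
    if (empty($_SESSION['authorized'])) {
        header('Location: /login.php');
        exit;
    }
}

// 1. Require POST, but only to pick the code path. It proves nothing about
//    who sent the request or what they put in it.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Use the login form.');
}

// 2. Read the credentials. There is deliberately no $_GET or $_POST
//    "authorization" field: anything like that is set by the client.
$username = (string)($_POST['username'] ?? '');
$password = (string)($_POST['password'] ?? '');

if ($username === '' || $password === '' || !authenticate($users, $username, $password)) {
    http_response_code(401);
    exit('Invalid username or password.');
}

// 3. Credentials verified. Rotate the session id on the privilege change
//    (defeats session fixation), then record the identity server-side.
session_regenerate_id(true);
$_SESSION['user'] = $username;
$_SESSION['authorized'] = true;

header('Location: /dashboard.php'); // assumed protected page that calls requireLogin()
exit;
```

The fake form from the answer still reaches this script, but all it can do is submit a username and password; with wrong credentials it gets a 401, and the session flag that later pages check is only ever written by the server after password_verify() succeeds. A CSRF token belongs on the real form as well, but it addresses a different problem (a victim's browser being made to submit) and does not make a POST any more trustworthy on its own.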