Post Security

Hello,
I can't get my head around form mail scripts and people injecting extra
code in there. I don't know if they actually achieve anything or not. I
am using a script from
Web4Future Easiest Form2Mail (GPL).
Copyright (C) 1998-2005 Web4Future.com All Rights Reserved.
http://www.Web4Future.com/
Does anyone know if that script is supposed to be secure?

Anyway... my point is not that much just the formmail script but any
post form and post handling script.
Is there a standard checklist of security threats I should be looking
at regarding forms that send crucial data?
For example, when you send something to PayPal or WorldPay you have to
send an id that uniquely identifies you, OK?
Now that is visible to everyone.
But it doesn't really produce any security threat at all.

BUT if I need someone to send an id to my script and use it as a
signature to use the site services that means that someone can fake it
easily and start using the website without signing up.
I don't want people to log in because they would have already logged in
elsewhere.
Using post variables seems to be the easiest way to store data in my DB
from any other site cross platform.

Any ideas or discussions on all these?

Thanks for reading anyway,
and I hope it makes sense. :)

Oct 16 '06 #1

NurAzije wrote:
> Here are some useful links:
> http://www.devshed.com/c/a/PHP/Creat...-Login-Script/
> http://www.ilovejackdaniels.com/php/writing-secure-php/
> http://www.zend.com/zend/art/art-oertli.php
> For more tutorials and tips also visit my blog at:
> http://www.nurazije.co.nr

Thanks for the links. I'll have a look :)

Oct 16 '06 #3
