[ciapug] Securing session variables
Chris Hettinger
ciapug@cialug.org
Tue, 18 Nov 2003 08:45:33 -0600
Thx, and I am using $_SESSION[] rather than globals as well.
-----Original Message-----
From: ciapug-admin@cialug.org [mailto:ciapug-admin@cialug.org]On Behalf
Of Dave J. Hala Jr.
Sent: Tuesday, November 18, 2003 8:35 AM
To: PHP List
Subject: Re: [ciapug] Securing session variables
I don't encode them, but I do try to use them sparingly. I also think it
is important to call them using $_SESSION[], rather than as a global.
On Tue, 2003-11-18 at 08:18, Chris Hettinger wrote:
> What are your suggestions in regards to securing session variables in web site applications?
>
> I am currently working on a project in which I am using session variables to store some key identifiers so the next page(s) can use them. I am wondering if I could do anything to secure these variables between page transitions.
>
> Could I encode them in some way on page X, before redirecting to page Y. Then having something decode it on page Y so it can be used?
>
> -Chris Hettinger, Web Specialist
> -IFMC/ENCOMPASS
> -www.encompas.com
> -(515) 279-8730
>
> CONFIDENTIALITY NOTICE: This communication, including any attachment, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message.
>
> _______________________________________________
> ciapug mailing list
> ciapug@cialug.org
> http://cialug.org/mailman/listinfo/ciapug
--
"...Unix, MS-DOS and Windows NT (also known as the Good, the Bad, and the Ugly)"
OSIS
Dave J. Hala Jr.
641.485.1606