Old 03-19-2004, 11:32 AM  
AnalProbe
pain in the Ass
 
Join Date: Jan 2004
Posts: 3,727
Quote:
Originally posted by Big E
The only problem with sessions is that the underlying content (images, videos etc) are still accessible. Sessions only protect HTML/PHP files.

Sure, you can put HTTP_REFERER protection in, but we all know how easy it is to spoof referrers.

Fortunately, there's a solution to this.

Addition: SSL is *NOT* the solution. It's very CPU-intensive. If you're doing ANY kind of traffic, you're going to be bogged down, even if you've got an SSL accelerator card.

As I stated before:

You only use the SSL for the login screen...


PHP sessions can be made 100% secure, yes.

Not only HTML files, you can show your pics like pic.php?pic=123
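
What the `pic.php?pic=123` approach from the reply above can look like, as an added example that is not code from the thread: the script checks the session before streaming an image that is stored outside the web root. The `user_id` session key, the `IMAGE_DIR` path and the `<id>.jpg` file naming are assumptions.

```php
<?php
// pic.php - added example: stream an image only to an authenticated session.
declare(strict_types=1);

// Hypothetical directory outside the web root, so the files have no direct URL.
const IMAGE_DIR = '/srv/members/images';

function deny(int $status): void
{
    http_response_code($status);
    exit;
}

session_start();

// 1. Require an authenticated session (the login page is assumed to set user_id).
if (empty($_SESSION['user_id'])) {
    deny(403);
}

// 2. Accept only a positive integer id; request input never goes into a path as-is.
$id = filter_input(INPUT_GET, 'pic', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    deny(400);
}

// 3. Build the path from the validated integer and confirm it resolves inside IMAGE_DIR.
$base = realpath(IMAGE_DIR);
$path = realpath(IMAGE_DIR . '/' . $id . '.jpg');
if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    deny(404);
}

// 4. Release the session lock before streaming so parallel image requests are not serialized.
session_write_close();

header('Content-Type: image/jpeg');
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: private, no-store');   // keep member content out of shared caches
header('X-Content-Type-Options: nosniff');
readfile($path);
```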