Quote:
Originally posted by pr0
dude I'm totally lost, did I do something insecure with the script I just put up?
No, but when you get into forms with user interaction and other things, someone could put a variable in the query string (i.e. using the "GET" method) when you are expecting a POST variable. POST is usually viewed as more secure since people can't see the data being sent to the server.
People could easily override a POST var with GET, or could override a session variable with a GET request. Depending on your variables_order they could mess with your shit.
If you have any other q's, hit me up on ICQ. Just another resource for you to chat with.
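An added example, not part of the original posts: it models how PHP merges request sources in the order given by `variables_order` (the way `$_REQUEST` is built), flags keys that arrive from more than one source, and reads a form value from POST only. The function names and the sample request are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample request: the form posts "amount", but the same key
// also arrives in the query string and in a cookie.
$sources = [
    'G' => ['amount' => '1', 'page' => 'checkout'],  // stands in for $_GET
    'P' => ['amount' => '250'],                       // stands in for $_POST
    'C' => ['amount' => '999'],                       // stands in for $_COOKIE
];

// Merge the sources left to right; a later letter overwrites an earlier
// one. PHP fills $_REQUEST this way, using request_order and falling back
// to variables_order when request_order is not set.
function merge_in_order(string $order, array $sources): array
{
    $merged = [];
    foreach (str_split($order) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Keys supplied by more than one source: worth logging or rejecting,
// since a legitimate form submits each field through one channel.
function colliding_keys(array $sources): array
{
    $seen = [];
    foreach ($sources as $letter => $vars) {
        foreach (array_keys($vars) as $key) {
            $seen[$key][] = $letter;
        }
    }
    return array_filter($seen, function ($letters) {
        return count($letters) > 1;
    });
}

// Hardened read: take the value only from the source the form uses.
function post_only(array $post, string $key): ?string
{
    return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : null;
}

echo merge_in_order('GPC', $sources)['amount'], "\n"; // merged, cookie last
echo merge_in_order('PG', $sources)['amount'], "\n";  // merged, GET last
echo post_only($sources['P'], 'amount'), "\n";        // explicit POST read
print_r(colliding_keys($sources));
```

In a real handler the same idea means reading `$_POST['amount']` directly instead of `$_REQUEST['amount']` or a bare global, so the merge order no longer decides which value the script sees.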