  1. #1
    SitePoint Wizard

    How can I make my URL invisible

    Hi, I am having a problem with my website. How can I put security in place like SitePoint did? When I click anywhere in my page, if the user has Firebug installed they can see what my parameters are. But I found out that with the SitePoint page, when we navigate to another page and use Firebug to see what is happening in the page, I did not see parameters. Can anyone tell me how to do it like SitePoint, so that our parameters will not be seen using Firebug?

    Please help me, SitePoint people.

    Thank you in advance.

  2. #2
    Foozle Reducer ServerStorm
    Quote Originally Posted by jemz
    Hi, I am having a problem with my website. How can I put security in place like SitePoint did? When I click anywhere in my page, if the user has Firebug installed they can see what my parameters are. But I found out that with the SitePoint page, when we navigate to another page and use Firebug to see what is happening in the page, I did not see parameters. Can anyone tell me how to do it like SitePoint, so that our parameters will not be seen using Firebug?

    Please help me, SitePoint people.

    Thank you in advance.
    Hi,

    I'm not sure of all the things SitePoint does to hide parameters. However, they likely store state data in the database using PHP sessions. These are stored on the server side, and given that parameters are retrieved using database queries, you will not see these using Firebug or other profiling tools.

    Using sessions isn't automatically secure but it is more secure than POST or GET data.

  3. #3
    SitePoint Wizard
    Hi serverstorm, what do you mean?
    "Using sessions isn't automatically secure but it is more secure than post or get data."

  4. #4
    Foozle Reducer ServerStorm
    Quote Originally Posted by jemz
    Hi serverstorm, what do you mean
    Hi Jemz,

    There are a number of attack vectors associated with sessions: session hijacking and session fixation. Another thing to do, other than safeguarding against these attacks, is storing sessions in the database.

    Here is more information to read about session security: http://phpsec.org/projects/guide/4.html
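One way to apply the advice in this thread, as an added example that is not code from any poster: keep page state in a PHP session instead of URL parameters, and close the session fixation and cookie-theft routes named above. The function names and the `uid` and `filter` session keys are hypothetical; the session cookie itself still shows up in browser tools, only the state behind it stays on the server.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. start_hardened_session(), login_user(),
// current_user_id() and the 'uid' / 'filter' keys are hypothetical names.

function start_hardened_session(): void
{
    // Refuse session IDs the server did not issue (one session fixation route).
    ini_set('session.use_strict_mode', '1');
    // Never accept or emit the session ID in the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from page JavaScript
        'samesite' => 'Lax',  // not sent on cross-site POSTs
    ]);
    session_start();
}

function login_user(int $userId): void
{
    // Issue a fresh ID at the privilege change and delete the old session,
    // so an ID planted or captured before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['uid'] = $userId;
}

function current_user_id(): ?int
{
    return $_SESSION['uid'] ?? null;
}

// --- top of a protected page ---
start_hardened_session();
if (current_user_id() === null) {
    http_response_code(401);
    exit;
}
// State that would otherwise travel as ?filter=... is kept server-side;
// the browser only ever holds the opaque session cookie.
$_SESSION['filter'] = $_SESSION['filter'] ?? 'all';
```

`login_user()` is meant to be called only after the submitted credentials have been verified against the database.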

  5. #5
    SitePoint Wizard
    Thank you so much serverstorm, more power to you always.

  6. #6
    SitePoint Enthusiast
    Sessions are unsafe if you just store a player account ID and let them access their account assuming that is really the person logged in. But what I like to do is store the user id AND their password in a session, and then at the top of every controlled page, in an include, authenticate their username/password in the database. After setting that up, I can add any other non-sensitive site preferences I want to the session. It's a pain having to constantly add new DB fields for every variable I want to track, adding them to the include file for loading into variables from the db, etc. So I definitely like the convenience of sessions as long as I validate the account.

    Quote Originally Posted by ServerStorm
    Hi Jemz,

    There are a number of attack vectors associated with sessions: session hijacking and session fixation. Another thing to do, other than safeguarding against these attacks, is storing sessions in the database.

    Here is more information to read about session security: http://phpsec.org/projects/guide/4.html
    Chuck