Re: Encrypted URL

From: Stephen de Vries (stephentwisteddelight.org)
Date: Fri Jan 30 2004 - 16:40:10 CST


> If all you're looking for is protection against query string/
> post data "tampering" just signing it should be enough. A really
> simple example in PHP (untested):
<snip>

It looks like what you're attempting to do is to send data from the server
to the client, and ensure that the client sends the same data back. But
you already know what the values are before sending them to the client,
and you can read the values sent back from the client, so why sign the
values, when you can just compare them before and after the post?
Why jump through hoops trying to send static data to the client, when you
can store and control everything on the server side?

Stephen
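
The two designs discussed in this thread side by side, as an added example that is not part of the original post or of the snipped PHP: HMAC-signing the values sent to the client, versus keeping them on the server and giving the client only an opaque handle. It is written in Python rather than PHP; `SERVER_KEY`, the in-memory `_pending` store, and all function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed key; never leaves the server
_pending = {}                         # handle -> values; stands in for a session store


def sign_fields(fields):
    """Signing approach: the client carries the values plus this tag."""
    # Canonical JSON avoids ambiguity when a value itself contains '&' or '='.
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def verify_signed(fields, tag):
    """True only if the posted values match the tag (constant-time compare)."""
    return hmac.compare_digest(sign_fields(fields), tag)


def issue_handle(fields):
    """Server-side approach: store the values, send only a random handle."""
    handle = secrets.token_urlsafe(32)
    _pending[handle] = dict(fields)
    return handle


def redeem_handle(handle, posted=None):
    """Return the server's own copy of the values, or None on failure.

    The handle is single use. If the client also echoed the values back,
    they are compared with the stored copy and any mismatch is rejected.
    """
    stored = _pending.pop(handle, None)
    if stored is None:
        return None  # unknown handle, or already redeemed
    if posted is not None and posted != stored:
        return None  # values changed between send and post
    return stored


if __name__ == "__main__":
    order = {"item": "42", "price": "19.99"}  # constructed sample values
    tag = sign_fields(order)
    print("signed, untouched:", verify_signed(order, tag))
    print("signed, resubmitted later:", verify_signed(order, tag))
    h = issue_handle(order)
    print("handle, first use:", redeem_handle(h, order))
    print("handle, second use:", redeem_handle(h, order))
```

Both designs reject altered values, but a signed set of values keeps verifying every time it is resubmitted unless an expiry or nonce is added, while the server-side record is gone after one use.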