03-17-2008, 02:43 AM
#7 (permalink)
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
Exploitation to be a security risk would be really difficult, unless you have the source of the script. Here is a scenario that it could happen in.
You are passing an ID variable through POST, the script generated that number after authenticating the other stuff. Point is, the POST variable is secure. You go through the process and edit the row with that ID. All the user would have to do to edit another row is set a cookie with the same name and a different ID. $_REQUEST will process the value of the cookie.
Now this could be secured by passing all the user given vars through and processing them at the end. But like every potential security hole, even if it takes somewhat flawed (but still functional) design to work, don't use it.
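The scenario in the post above, as an added example that is not part of the original post: a model of how PHP merges GET, POST and cookie data into $_REQUEST, with the weak read beside a hardened one. The function names, the `id` values and the merge orders are constructed for illustration; the real order comes from the `request_order` setting (or `variables_order` when `request_order` is unset).

```php
<?php
// Added example. Models how PHP fills $_REQUEST: sources are merged in the
// configured order and a later source overwrites an earlier one by key.
function build_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {          // letters such as E and S are skipped
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical handlers: each returns the row id the script would edit.
function row_id_from_request(array $request): ?int
{
    // Weak: trusts whichever source won the merge.
    return isset($request['id']) ? (int) $request['id'] : null;
}

function row_id_from_post(array $post): ?int
{
    // Hardened: read only the source the form uses, and validate the value.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed input: the form posts id=42, the client also sends a cookie id=7.
$get    = [];
$post   = ['id' => '42'];
$cookie = ['id' => '7'];

// "GPC" includes cookies in the merge; "GP" leaves them out.
foreach (['GPC', 'GP'] as $order) {
    $request = build_request($get, $post, $cookie, $order);
    printf("order=%-3s \$_REQUEST id=%d  \$_POST id=%d\n",
           $order, row_id_from_request($request), row_id_from_post($post));
}
```

With cookies in the merge order the `$_REQUEST` read follows the cookie, while the `$_POST` read stays on the posted value in both runs. Setting `request_order = "GP"` in php.ini keeps cookies out of `$_REQUEST` altogether.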