> I just came across such kind of code (php) written by a colegue:
>
> //header.inc
> if($_SESSION['UN']!='hardcoded_UN' or $_SESSION['UN']!='hardcoded_PW')
> header("Location: ./login.html");
> //missing else to mitigate the problem!!
> //HTML stuff here...
What about inserting a die() or exit() after the redirection? That
should solve the problem, I think.
> Now some questions and a proposal:
> - how safe is to rely on secrecy of the URL? I'm looking for a quantification of the risk, not a "it is a bad idea" ;)
> of course http://site/`pwgen -N1 30`/`pwgen -N1 30`.php is safer than http://site/admin/index.php. Any already made study? numbers?
> I just came across such kind of code (php) written by a colegue:
>
> //header.inc
> if($_SESSION['UN']!='hardcoded_UN' or $_SESSION['UN']!='hardcoded_PW')
> header("Location: ./login.html");
> //missing else to mitigate the problem!!
> //HTML stuff here...
What about inserting a die() or exit() after the redirection? That
should solve the problem, I think.
> Now some questions and a proposal:
> - how safe is to rely on secrecy of the URL? I'm looking for a quantification of the risk, not a "it is a bad idea" ;)
> of course http://site/`pwgen -N1 30`/`pwgen -N1 30`.php is safer than http://site/admin/index.php. Any already made study? numbers?
I'd prefer to close the hole.
-thh
[ reply ]