FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Sanitizing user input
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Sanitizing user input [message #169917 is a reply to message #169897] Thu, 30 September 2010 07:44 Go to previous messageGo to previous message
Web Dreamer is currently offline  Web Dreamer
Messages: 13
Registered: September 2010
Karma:
Junior Member
Le 29/09/10 18:21, Jerry Stuckle a écrit :
> You have inconsistency because a person has to use multiple logins to
> the same site to access different information. It means users not only
> have to keep track of multiple userids/passwords for the same site, but
> which userid/password accesses which information.

You can have identical logins (same database) with different session
handling.
And it works very neatly :-)
Why do you think it mean having different logins?
I want to have a session to not log automatically to the other for
security reasons.

>> I was only mentioning session handling.
>>
>
> Which affects consistency.

No

>> A shopkeeper can have two companies:
>> A shoe shop
>> A flower shop
>> two different entities.
>> They share one same server (same boss, different legal entities, and
>> employees).
>> You SURELY do not want to mix anything together! But the owner of the
>> shops
>> can afford only one server (2 or 3 employees in each shop), and you
>> configure vhosts on the server.
>>
>
> No, and I would have two separate sites - one for each company. No
> special session handling required, because each site can only access its
> own cookies - and therefore only its own session information.

The shopkeeper wants the same domain name "HisSurname.com/shopname"
That's "his" choice, I have do with this. Or he get's someone else.

>> Are you really sure you want top mix this?
>> I seriously doubt it.
>>
>> Do you know any small business who would want to have mixed employee
>> logins/accountability with another small business?
>> Honestly... no...
>> But sometimes they share a same "physical" server (same owner for the 2
>> shops)
>>
>
> Nope, which is why they would have different sites. It makes no
> difference whether they are on the same server or not - cookies are
> domain specific, not server specific. One domain cannot access cookies
> from another domain - it makes absolutely no difference whether they are
> on the same server or not.

As I explained, same domain.
I'm paid to do as "his will", and had do do it.
A person/company can own several little companies, and may want
"CompanyGroup.com/smallCampany"
The domain is "the same".
Dangerous for cookies.
I do not "always" have Vhosts, so I make sure it can work without vhosts.

>> And again, separating sessions does not necessarily mean separating
>> information.
>>
>
> Yes, it does - because scripts using one session cookie will not be able
> to access data from the other session cookie.

You want these (sessions) to be seperate.
And they can share databases if required, works like a charm.
And for security, a script which needs only "read" access to a database,
will have a login to this database with only "select" permission.
I always create two users for databases, and I never use the one with
full write permissions on the database if I only need read access in the
script.
I use prepared statements to protect from sql injection, but add this
extra security.

>> Sometimes you want things totally separated.
>> Sometimes only "sessions" to be separated.
>>
>> And it's the one who pays you who decides.
>>
>
> So, you use different domains and different hosts. No problem at all,
> and separation of session information is guaranteed.

With different domains, no big issue,
But I'have already been asked the same domain, and the shop was the path
after the domain name.
When you say "it's not secure", they say "if you want this check with
that much money? well make it secure and the way I want".
What do you reply? you refuse the check? :-)

--
Web Dreamer
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: how to write a wsdl for php webservice?
Next Topic: ANNOUNCE - NHI1 / PLMK / libmsgque - Work-Package-II
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 13:57:20 GMT 2024

Total time taken to generate the page: 0.04349 seconds