nadeemshafi9 Posted June 17, 2007 Share Posted June 17, 2007 Hello Guys Whith ASP.NET they have this thing called a token which is used with forms to make sure that the form is teh one on the server, not just any old form from another server. What is the best way to do this in PHP, or is there a PEAR component to do so ? Thanks Nadeem Quote Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/ Share on other sites More sharing options...
kalivos Posted June 17, 2007 Share Posted June 17, 2007 you can always check the page refer. just remember that not all browsers send the refer The best way to avoid xss is by validating user input at all times, not just via a form. Quote Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/#findComment-276172 Share on other sites More sharing options...
nadeemshafi9 Posted June 17, 2007 Author Share Posted June 17, 2007 If you have a quick sniplet of code i may be able to read, i would be very gretfull if you could post it up just so i can get an idea of the construct you propose. Thanks Nadeem Quote Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/#findComment-276356 Share on other sites More sharing options...
tarun Posted June 17, 2007 Share Posted June 17, 2007 Errmmm... Not Too Sure But Could You Use The SID (Session ID) PHP Sessions Info Quote Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/#findComment-276359 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.