nadeemshafi9 Posted June 17, 2007 Share Posted June 17, 2007 Hello Guys Whith ASP.NET they have this thing called a token which is used with forms to make sure that the form is teh one on the server, not just any old form from another server. What is the best way to do this in PHP, or is there a PEAR component to do so ? Thanks Nadeem Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/ Share on other sites More sharing options...
kalivos Posted June 17, 2007 Share Posted June 17, 2007 you can always check the page refer. just remember that not all browsers send the refer The best way to avoid xss is by validating user input at all times, not just via a form. Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/#findComment-276172 Share on other sites More sharing options...
nadeemshafi9 Posted June 17, 2007 Author Share Posted June 17, 2007 If you have a quick sniplet of code i may be able to read, i would be very gretfull if you could post it up just so i can get an idea of the construct you propose. Thanks Nadeem Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/#findComment-276356 Share on other sites More sharing options...
tarun Posted June 17, 2007 Share Posted June 17, 2007 Errmmm... Not Too Sure But Could You Use The SID (Session ID) PHP Sessions Info Link to comment https://forums.phpfreaks.com/topic/55902-avoid-cross-server-scripting/#findComment-276359 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.