Jump to content

Recommended Posts

Its true though, Anhything you put on a webserver is publically available

 

Its just like leaving your keys ni your car, someone can come along, drive your car all over the places and pretty soon you have 50,000 miles on the clock!

 

The way to prevent that would be to not leave your keys in the car and lock it

 

Now, how can we do this on a website :)

Link to comment
https://forums.phpfreaks.com/topic/70135-security/#findComment-352221
Share on other sites

I guess I was reading script as a normal page. ie User selects some options, queries run and stuff, page loads. Captchas are annoying, make sure it makes sense to do this.... if the users are logged in before this happens apply my method with username instead of ip address. Then ban the users for abuse if it continues.

Link to comment
https://forums.phpfreaks.com/topic/70135-security/#findComment-352328
Share on other sites

If you're using sessions, you could use the session data to restrict how often someone writes to the database.

 

<?php
define('POST_DELAY', 30);

if(time() - $_SESSION['last_access'] > POST_DELAY)
{
  // run update queries
}
else
{
  echo "You must wait " . POST_DELAY . " seconds before submitting another post.";
}

$_SESSION['last_access'] = time();
?>

Link to comment
https://forums.phpfreaks.com/topic/70135-security/#findComment-352345
Share on other sites

Im talking about any script

 

For instance, the home page etc

 

Think of this forum.. when you view the home page MYSQL is being executed

 

What happens if 10 guys run a script that blasts this home page 40 times a second

 

Thats 400 queries..

 

Im not talking about one major script I have, where as, any script on the site

Link to comment
https://forums.phpfreaks.com/topic/70135-security/#findComment-352346
Share on other sites

If you're using sessions, you could use the session data to restrict how often someone writes to the database.

 

<?php
define('POST_DELAY', 30);

if(time() - $_SESSION['last_access'] > POST_DELAY)
{
  // run update queries
}
else
{
  echo "You must wait " . POST_DELAY . " seconds before submitting another post.";
}

$_SESSION['last_access'] = time();
?>

Thats the type of thing I was looking for :)

 

Any other ideas? Not IP based though as people may be behind a router in school etc

Link to comment
https://forums.phpfreaks.com/topic/70135-security/#findComment-352348
Share on other sites

Thats the type of thing I was looking for :)

 

Any other ideas? Not IP based though as people may be behind a router in school etc

This isn't IP based, it's session based.  The session ID is stored in a cookie, or passed via GET data, and is wholely independent of IP address.

Link to comment
https://forums.phpfreaks.com/topic/70135-security/#findComment-352363
Share on other sites

Yeh I know I was reffering to one of the other posts :P

 

Cheers for info!

 

Can a php script register a session? Do get a session my members have to login, someone running a script point at my url, if they dont have a session it will die(); them

 

Can a script register a session by sending the appropriate headers etc?

Link to comment
https://forums.phpfreaks.com/topic/70135-security/#findComment-352364
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.