If you base your actions on data from a cookie then you have a security hole.
Let's say that you want to let a user edit his/her details and you know who the user
is from a cookie you put on his computer. Now you assume that $user (just an example)
has the value you put there, right? WRONG!!!!
PHP creates $user from URL parameters just as it does from cookies.
If I go to the URL http://www.MyDomain.com/MyScript.php3?user=berber
then $user will have the value berber, and if I go to:
http://www.MyDomain.com/MyScript.php3?user=joe
then $user will have the value joe, which means that if you have a user
joe then I can see and edit his details.
What can you do?
Well, two things:
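1. The simplest thing to do is check the URI:
    $URI = getenv("REQUEST_URI");
    // REQUEST_URI holds only the path and query string, so this catches
    // "user" passed in the URL but not a value sent in a POST body.
    if (strstr($URI, "user")) {
        echo "This data is not coming from a cookie";
        exit();
    }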
2. The more complex but cleaner way of doing this is to use $HTTP_COOKIE_VARS["user"],
but in order for the various $HTTP_*_VARS[] arrays to exist, you need to turn
on track_vars. You can also turn track_vars on for a specific script by adding
<?php_track_vars?> as the FIRST line of your script.
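
An added example, not part of the original tip: the second approach written for a current PHP, where $_GET, $_POST and $_COOKIE replace the $HTTP_*_VARS arrays. It goes one step beyond the text by also signing the cookie value, since the cookie itself is sent by the client; SECRET_KEY, the function names and the "name.signature" cookie layout are assumptions made for the example.

```php
<?php
// Added example, not from the original tip. Assumes a current PHP where
// $_GET/$_POST/$_COOKIE replace the $HTTP_*_VARS arrays.
// SECRET_KEY and the "name.signature" cookie layout are hypothetical.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Value to store in the "user" cookie when the user logs in.
function make_user_cookie(string $user): string
{
    return $user . '.' . hash_hmac('sha256', $user, SECRET_KEY);
}

// Returns the user name only if it came from the cookie and carries a
// valid signature; returns null otherwise.
function user_from_cookie(array $get, array $post, array $cookie): ?string
{
    // The same name arriving by URL or form is the override described above.
    // Unlike the REQUEST_URI check, this also covers POST bodies.
    if (isset($get['user']) || isset($post['user'])) {
        return null;
    }
    if (!isset($cookie['user']) || !is_string($cookie['user'])) {
        return null;
    }
    $pos = strrpos($cookie['user'], '.');
    if ($pos === false) {
        return null;
    }
    $name = substr($cookie['user'], 0, $pos);
    $sig  = substr($cookie['user'], $pos + 1);
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $name)) {
        return null;
    }
    // Constant-time comparison of the expected and supplied signatures.
    $expected = hash_hmac('sha256', $name, SECRET_KEY);
    return hash_equals($expected, $sig) ? $name : null;
}

// Constructed sample requests (GET array, POST array, cookie array).
$good = ['user' => make_user_cookie('joe')];
var_dump(user_from_cookie([], [], $good));                    // cookie only
var_dump(user_from_cookie(['user' => 'joe'], [], $good));     // also in URL
var_dump(user_from_cookie([], [], ['user' => 'joe.forged'])); // bad signature
```

In a real script the call would be user_from_cookie($_GET, $_POST, $_COOKIE), with the request refused whenever it returns null.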