...

View Full Version : security issue



saeed
11-05-2007, 09:40 AM
Everybody have seen orkut.com

now this is some kind of a general question and I believe am posting in right thread.
Kindly have a look below:
sample links

http://www.orkut.com/Album.aspx?uid=(numbers here)
http://www.orkut.com/Profile.aspx?uid=(numbers here)

now if someone just copy paste this link to address bar it won't be getting through directly ... Its going to prompt for User Login page.

Does anyone knows whats the trick behind it. I've password protected folder option provided by my web host but its not that good.

any help regard this will be appreciated.


many thanks,

Saeed.

mlseim
11-05-2007, 02:05 PM
It looks like it might be ASP ... not PHP ...

but the same idea that PHP uses .... sessions.

When logged-in, a session is started and retains the user ID.
Each page viewed checks for a valid session before displaying it.
If no session is active, it loads the log-in page.

saeed
11-06-2007, 05:01 AM
thanks for your reply mate..

is there any cookie thing involved ? I am sure there must be another way to protect members' profile.

I can create normal password protected page but that isn't enough (i guess)

I need something really good like orkut... u've seen members name are protected by series of numbers and in all situations ... user have to logged in before accessing someones profile or to do any activity there.


(btw I was unable to find New thanks button with your reply)


Saeed.

mlseim
11-06-2007, 04:22 PM
Sessions are like cookies except the variables are stored
on the server, not on the user's PC (like cookies are).



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum