I just read this article on tdwtf.com. Generally, it describes an archiving bot destroying things because it ignores headers. I then realized that I don’t know how to do security in a page WITHOUT headers. Therefore my question is:
What security measures can I take besides using headers?
I develop mostly in PHP, so I'm familiar with the header('Location: ') function. But what else is out there?
Ideally I’m looking to replace the logic of
if (!$something_important) header('Location: somehereharmless.php');
with something else (more) secure?
header: location is fine, as long as you include an exit at the end. You might also want to include a link or something.
I usually use something like this:
This way people can’t bypass the redirect, and know that they should be redirected.
[Edit]
Also, always use POST when deleting stuff. It is very easy to create a fake GET (for example <img src='http://www.example.org/action.php?do=SetAsAdmin&userid=MyUserId' />).
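As an added illustration (not code from the original question or answer), here is the redirect guard with and without the exit, plus a deletion endpoint that only accepts POST and checks a per-session CSRF token, so that the forged <img> GET described above does nothing. The page names, the $_SESSION['is_admin'] flag, the csrf_token() helper and the commented-out delete_user() call are assumptions made for this example.

```php
<?php
// Added example, not code from the original post. Page names, session keys
// and the data-layer call are assumptions made for illustration.
session_start();

// BEFORE (the pattern from the question): the Location header is sent, but
// the script keeps running, so everything below still executes for an
// unauthenticated visitor, and a client that ignores headers sees it all.
function guard_without_exit(): void
{
    if (empty($_SESSION['is_admin'])) {
        header('Location: somewhereharmless.php');
    }
    // ... protected work would continue here even when not admin
}

// AFTER: redirect, offer a plain link for clients that do not follow the
// header, and stop the script so nothing below runs.
function require_admin(): void
{
    if (empty($_SESSION['is_admin'])) {
        header('Location: somewhereharmless.php');
        echo '<a href="somewhereharmless.php">Continue</a>';
        exit;
    }
}

// One random token per session, stored server-side and echoed into forms.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Deletion endpoint: require POST plus a matching token. A forged GET from an
// <img src=...> on another site fails the method check; a forged POST from
// another origin fails the token check because it cannot read the session token.
function handle_delete(): void
{
    require_admin();

    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit('Method Not Allowed');
    }

    $sent = $_POST['csrf_token'] ?? '';
    // hash_equals() compares in constant time, avoiding a timing side channel.
    if (!hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }

    $userId = filter_input(INPUT_POST, 'userid', FILTER_VALIDATE_INT);
    if ($userId === false || $userId === null) {
        http_response_code(400);
        exit('Bad user id');
    }

    // delete_user($userId);  // hypothetical data-layer call
    echo 'Deleted user ' . $userId;
}

// The form carries the token in a hidden field, never in the URL.
function render_delete_form(int $userId): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="action.php?do=Delete">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="hidden" name="userid" value="' . $userId . '">'
         . '<button type="submit">Delete</button></form>';
}
```

The method check alone is not enough on its own: a hostile page can still submit a cross-origin POST form automatically, which is why the token check sits behind it. The exit after the redirect is what actually prevents the protected code from running; the header is only advice to the client.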