I’m all in a security funk right now so I’m going through making everything

Question

0

Asked: May 24, 20262026-05-24T01:55:31+00:00 2026-05-24T01:55:31+00:00

I’m all in a security funk right now so I’m going through making everything

0

I’m all in a security funk right now so I’m going through making everything as secure as possible. I got a login going and I’m referencing this:

http://www.addedbytes.com/writing-secure-php/writing-secure-php-1/

The first example is that of a login and if you say ?authorization=1 you get in. But if I wrap my code around a if($_POST) then the user MUST make a post. Can a user fake a $_POST? How do I go about faking a $_POST?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T01:55:32+00:00

A user can simply create a file on their local machine with:

<form action="http://yoursite.com/login.php" method="post">
    <input type="text" name="username"  value="hahaha faked it!" />
    <input type="text" name="password" value="hee hee you can't tell this is fake" />
    <input type="submit">
</form>

and boom, “fake” post. In other words, you have to assume that anything and everything the user sends is potentially fake.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m all in a security funk right now so I’m going through making everything

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply