Hi
So... I've been reading up a little bit about cookies and security. Only to find that you should encrypt the data in them and that they can be hacked by using javascript code.
Is this really the...

Well no not really, sorry. Eventually it's meant as a map for players to walk around on it, it has layers just to customize it.
I'm just wondering if I'm handling this correctly or if there's a more...

Hi everyone,
because I've recently decided to try making a webgame, I've begun scripting an editor for it. However, I'm quite stuck on the little project and would like some help.

The script...

http://www.google.nl/search?hl=nl&c2coff=1&q=intercepting+HTTP+requests&btnG=Zoeken&meta=
This is the link that is mentioned in a thread about postback hacking. It's a dutch thread so I'll just say...

I use javascript for client side hashing before the data is posted because I read somewhere that the postback or something could be hacked. I don't have the link on me but I might find it

mysql_num_rows:
Retrieves the number of rows from a result set. This command is only valid for statements like SELECT or SHOW that return an actual result set. To retrieve the number of rows...

Ok this is the code I have now, I haven't fully checked it yet so there could be some errors in it, but I doubt this. What I'm more interested in is are the holes in the code for a user to hack it....

Ok, I will rewrite the whole code and upload it here once ready.

I don't mean to sound rude, but I just want this question answered about blocking session ID stealing.

Isn't it possible to check if the hacker tries to inject a session id in the URI by using GET? Like this:

if($_GET['PHPSESSID'] != null) {
// A hacker is trying to inject a session ID
}


?

Excuse me, I'm not so familiar with sessions. I don't know anything about session keys.
If I put the hash in a session and compare it to the hash in the database. Then it is possible for a hacker to...

I am kinda stuck now on how I would make one user logged in over multiple pages, however leaving hackers out. I can't really use sessions because they can be hacked no?
Can I have some assist on...

What is your output then? Also there appears to be a mistake in your query. I presume ID is a number, then there is no need for single quotes. So...
where id = '".$row['cid']."'
becomes
where id =...

Oh I should indeed implement htmlentities use, but...
What do you mean with CSRF and XXS? What are those things? :) Googling those things gives me other results than I need

Hi,
I wanted to post my login system I will use for an upcoming site for rating. I want to ensure a safe login, so please, if you know anything about this and see a security leak somewhere... Please...