PHP Web Application Security Vulnerabilities

Sending the hash

• For cookies or hidden form fields

• Hash the data with a secret word

• Include the hash in the cookie or form

Sending the cookie


$secret_word = 'salt-baked squid';
$id = 31415926;
$hash = md5($secret_word.$id);
setcookie('id',$id.'-'.$hash);