Thanks for your response shobinsun. Both are handy modules for automated attacks and SQL injections, but what I referred to in the question was specifically variable guessing in a non-automated fashion.
E.G: I type a sequence of numbers at the variable to see what I can come up with.
Please see the hash example above for a way I thought of to include random enough info to prevent guessing by clients. The modules you recommended do nothing to discourage legitimate requests. I want to prevent real-life users from playing with the URL to explore random results.
Does this make sense?
Main Topics
Browse All Topics





by: shobinsunPosted on 2009-03-27 at 02:07:52ID: 23999008
Hello,
ts.php?id= 3
/
You can use " mod_security " or " Anti Tamper Module " for Apache .
The following link will help you:
http://www.wisec.it/projec
http://www.modsecurity.org
Regards.