FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Best practice, (secure), to save session data?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Best practice, (secure), to save session data? [message #178409 is a reply to message #178408] Fri, 15 June 2012 15:20 Go to previous messageGo to previous message
Chris Davies is currently offline  Chris Davies
Messages: 6
Registered: June 2012
Karma:
Junior Member
Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
> I read it. The thing you miss is the hacker doesn't need to decode the
> encrypted data in the cookie. All he needs to do is send it - just like
> the original client would.

You're (still?) missing my differentiator between this and a session
cookie.


> He won't have the password - but he doesn't need it.

It wasn't about having a password (implicit with the cookie or otherwise),
it was having access to the data stored directly in the cookie itself.

Chris
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Stats comp.lang.php (last 7 days)
Next Topic: Is spl_object_hash unique in the SQL sense? Can it be used as a unique SQL db column?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 22 15:04:49 GMT 2024

Total time taken to generate the page: 0.04139 seconds