Re: [PHP] sessions and security From: Alex Black (enigma <email protected>)
Date: 12/28/00

with binarycloud, we do ip checking, with user agent and a couple other
things to verify you are who you say you are...

so far it has been quite secure, and I've got to great lengths to test it :)

-a 

--
Alex Black, Head Monkey
enigma <email protected>

The Turing Studio, Inc.
http://www.turingstudio.com

vox+510.666.0074
fax+510.666.0093

Saul Zaentz Film Center
2600 Tenth St Suite 433
Berkeley, CA 94710-2522

> From: anuradha <email protected> (Anuradha Ratnaweera)
> Newsgroups: php.general
> Date: 27 Dec 2000 04:21:04 -0800
> Subject: Re: [PHP] sessions and security
> 
> 
> 
> On Wed, 27 Dec 2000, K.Simon wrote:
> 
>> To avoid this you could use javascript. Put in there an exit console
>> destroing the session if the user closes the browser.
> 
> Users can easily disable javascipt, and this won't work on some browsers
> properly.
> 
> What I am really worried is if a user is accessing through a proxy,
> whether someone with full access to the proxy can do something by using
> the URL and hence the session ID, even with SSL (if not using cookies).
> 
> Anuradha
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-general-unsubscribe <email protected>
> For additional commands, e-mail: php-general-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>