Date: 07/28/00
I was wondering why the session ids are implemented using a magic string passed
into uniqid(). I would think that the better way to implement this would be as
follows:
    srand((double)microtime()*1000000);
    $id = $this->that->ac_newid(md5(uniqid(rand())), $this->name);
This would make things more random. This is also what is suggested in the PHP
Manual. I made the above changes in session.inc and it worked fine.
My main concern is that if you are working on an open source project (as I
am at http://trio.msoe.edu) anyone can get your code and see what magic strings
you are using in session and auth. This would be a security risk, wouldn't it?
Dan
----------------------------------------------------------------------------
Daniel E. Baumann
Phone: (414) 462-1403
E-mail: baumannd <email protected> (preferred)
baumannd <email protected>
baumannd <email protected> (caution: dynamic DNS service, may bounce)
Web location: http://www.msoe.edu/~baumannd
http://www.linuxfreak.com/~baumannd
"Life would be so much easier if we could just look at the source code."
-- Dave Olson
---------------------------------------------------------------------------
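
An added example, not part of the original post or of PHPLIB: it shows that uniqid() output is the clock in hex, that hashing it yields a longer string but no additional entropy, and that an id drawn from the operating system's CSPRNG depends on no string in the source. It assumes PHP 7+ for random_bytes(); all function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not PHPLIB's API.

// uniqid() without a prefix or more_entropy returns 13 hex characters:
// 8 digits of Unix seconds followed by 5 digits of microseconds.
function uniqid_timestamp(string $id): array
{
    return [(int) hexdec(substr($id, 0, 8)), (int) hexdec(substr($id, 8, 5))];
}

// Session id taken from the OS CSPRNG (assumes PHP 7+).
// 16 bytes gives 128 bits; nothing in the source needs to stay secret.
function new_session_id(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

// Check the shape of an id received from the client before it is
// used as a key into session storage.
function is_valid_session_id(string $id, int $bytes = 16): bool
{
    return preg_match('/\A[0-9a-f]{' . (2 * $bytes) . '}\z/', $id) === 1;
}

// The clock is recoverable from a bare uniqid() value.
$u = uniqid();
[$sec, $usec] = uniqid_timestamp($u);
printf("uniqid():         %s = %s + %d us\n", $u, date('c', $sec), $usec);

// md5() maps its input to 32 hex characters; the result carries no more
// entropy than the rand() seed and clock value that went into it.
printf("md5(uniqid(...)): %s\n", md5(uniqid((string) rand())));

// CSPRNG-backed id, then validation of good and malformed values.
$sid = new_session_id();
printf("random_bytes id:  %s\n", $sid);
var_dump(is_valid_session_id($sid));            // well-formed id
var_dump(is_valid_session_id($u));              // wrong length
var_dump(is_valid_session_id($sid . "\n"));     // trailing newline
```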

