php3-list | 200003
Date: 03/31/00
- Next message: Mike Sheldon: "RE: [PHP3] -=:[ Best SQL Server ]:=-"
- Previous message: Nick Zukin: "[PHP3] Macintosh PHP Editor (was: Re: [PHP3] Visual Editor?)"
- Maybe in reply to: Rouvas Stathis: "[PHP3] Session Management"
- Next in thread: Cynic: "Re: [PHP3] ASP to PHP3"
Why do they only have one second to see it?
If the session ID is part of the URL, it shows in the user's Address bar
as long as they're on that page, doesn't it?
--- Sascha Schumann <sascha <email protected>> wrote:
> On Fri, Mar 31, 2000 at 12:27:29PM -0800, Jeff Schwartz wrote:
> > For non-cookie based sessions, passing an ID in a form works great. But
> > what about regular clickable URLs? The session ID is exposed. Someone at
> > the next desk could type it in and become that user.
>
> Heh. A new type of "eavesdropping." Unless you are a robot, I don't think
> you can memorize a string with 32 chars in one second.
>
> > Is there any way to safeguard against that?
>
> You can prevent real eavesdropping only using SSL/TLS.
>
> - Sascha
>
=====
jeff_schwartz <email protected> (Jeff Schwartz)
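
The concern in this message, a URL-carried session ID being reused from another machine, can be checked for on the server side. The following is an added example, not part of the original post: it scans access-log lines for a session ID that arrives from more than one client address. The log lines are constructed, and the parameter name `PHPSESSID` and the common log format are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; PHPSESSID is an assumed parameter name.
SAMPLE_LOG = """\
10.0.0.5 - - [31/Mar/2000:12:27:29 -0800] "GET /cart.php3?PHPSESSID=0123456789abcdef0123456789abcdef HTTP/1.0" 200 512
10.0.0.5 - - [31/Mar/2000:12:27:41 -0800] "GET /pay.php3?PHPSESSID=0123456789abcdef0123456789abcdef&step=2 HTTP/1.0" 200 733
10.0.0.9 - - [31/Mar/2000:12:28:02 -0800] "GET /cart.php3?PHPSESSID=0123456789abcdef0123456789abcdef HTTP/1.0" 200 512
10.0.0.7 - - [31/Mar/2000:12:28:10 -0800] "GET /cart.php3?PHPSESSID=fedcba9876543210fedcba9876543210 HTTP/1.0" 200 498
10.0.0.7 - - [31/Mar/2000:12:28:15 -0800] "GET /index.php3 HTTP/1.0" 200 120
"""

# Client address, then the request target inside the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def session_clients(log_text, param="PHPSESSID"):
    """Map each session ID found in a request URL to the client IPs that sent it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not well-formed request entries
        ip, target = match.groups()
        for sid in parse_qs(urlsplit(target).query).get(param, []):
            seen[sid].add(ip)
    return seen


def shared_sessions(log_text, param="PHPSESSID"):
    """Return {session_id: sorted client IPs} for IDs seen from more than one address."""
    clients = session_clients(log_text, param)
    return {sid: sorted(ips) for sid, ips in clients.items() if len(ips) > 1}


if __name__ == "__main__":
    for sid, ips in shared_sessions(SAMPLE_LOG).items():
        # Print only a prefix so the report does not itself leak a usable ID.
        print(f"session {sid[:8]}... used from {', '.join(ips)}")
```

Clients behind a shared proxy or NAT can legitimately change or share addresses, so a hit is a lead to review rather than proof of reuse.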

