|
|
Posted by Jerry Stuckle on 08/18/06 18:34
Rik wrote:
> Jerry Stuckle wrote:
>
>>Rik wrote:
>>
>>>When using GET variables, HTTPS is a must.
>>>
>>
>>And why is that? There's no major difference between GET and POST in
>>how the data is sent to the server. And the user could change the GET
>>param whether http or https is used.
>
>
> You're absolutely right, I don't really know what I was thinking, I'm a little
> bit off :-). (Offcourse I blame the fever, it couldn't possibly me normal self
> making this mistake..:P) Regardless what method is used, if you want to prevent
> session hijacking just use https instead of http.
>
> Grtz,
I agree with this completely. Although https: does have more overhead,
if session hijacking is important you should protect it just like you
would credit card numbers.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|