Re: need help with logout (logout not perfect) — All PHP

You are here: Re: need help with logout (logout not perfect) « All PHP « IT news, forums, messages

Posted by shimmyshack on 11/02/06 00:43

well said. defence against the dark arts is hard.
If you want to add to your session security and enforce even more than
the above, things like application-state-pathways, further
authentication for sensitive parts of the site, intelligent semi-trust
for certain users based on actions, restarting new sessions
transparently (including on login and logoff), sending the initial
session token over SSL and more, go ahead
This is a pretty good place to begin
http://www.owasp.org/index.php/PHP_Top_5
note the references there for further reading.
Sessions can be very tricky if you want things to be secure.
The more you read the more fun it gets.

Dont have nightmares, do sleep well

Navigation:

Next in forum: Re: php job
Prev in forum: Re: need help with logout (logout not perfect)
Thread view: Re: need help with logout (logout not perfect)

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация