Re: Client-Side Session Data — PHP Programming Language

You are here: Re: Client-Side Session Data « PHP Programming Language « IT news, forums, messages

Posted by Sanders Kaufman on 12/19/06 19:11

Vincent Delporte wrote:
> On Tue, 19 Dec 2006 09:01:31 GMT, Sanders Kaufman <bucky@kaufman.net>
> wrote:
>> No matter how tight your security is, if users login over HTTP,
>> their credentials can be tooooo easily intercepted - making all
>> other security measures worthless.
>
> So HTTPS should be used when logging on and receiving the session ID
> cookie, but from then, it's OK to use HTTP?

That depends on what is happening from then.
ANY time sensitive data crosses the web, it should be over HTTPS
to prevent others from sniffing it out.

But HTTPS takes up more resources than regular HTTP. So where
sensitive data is not being shuffled about, HTTP is the better
choice.

Navigation:

Next in forum: Life is Different here, sky has no limit but you must grip it with this website,
Prev in forum: Chage script for Linux servers?
Thread view: Re: Client-Side Session Data

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация