Posted by Jerry Stuckle on 06/14/07 11:29

howa wrote:
> On 6 14 , 12 21 , Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> No, short of SSL, there is no safe solution. Anyone anywhere between
>> the client and the server can intercept the data and use it for whatever
>> reason. Of course, because there's no guarantee as to what route a
>> packet will follow, the most likely places to intercept the packets is
>> on either end.
>>
>> But then that's why SSL was invented.
>>
>
> Okay, let have some constraints, say you can use SSL during login, but
> you can't use SSL for data transmission afterward, so it is possible?
> (similar to yahoo or gmail)
>
>

No, the session id is still sent in plain text then, and can be
intercepted and hacked.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Positions still available in the South of France. deadline for applications : 15th of June 2007
• Prev in forum: Re: $parts = $struct->parts;
• Thread view: Re: Is PHP session safe?

[Reply to this message]