Posted by GamblerZG on 11/10/05 23:08
Chris Shiflett wrote:
> GamblerZG wrote:
>> I think it's still reasonable to restrict a session to a single IP.
> No, it's not, for all of the reasons Richard mentioned and more.
I agree that using only the IP to identify a session is bad.
Using only the SID is OK.
Using SIDs that are tied to a single IP is even _more secure_, since the
possible attacker would need to have exactly the same IP as the victim of
session hijacking. This comes at the price of a small inconvenience for
dial-up users (since they would need to log in on each reconnect), but I
think such a price is reasonable.
IMO, the best way is to re-generate SIDs on each request, but such a
method will decrease the performance of a script.
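The two measures the post argues for (binding a SID to the client IP and rotating the SID on every request) as a small in-memory session store. This is example code added here, not code from the thread; the store layout, the TTL and the IP addresses are assumptions made for the illustration.

```python
import secrets
import time

SESSION_TTL = 3600  # seconds; assumed value for this example


class SessionStore:
    """Every SID is bound to the IP it was issued to, and each successful
    request replaces the SID, so a previously captured copy stops working."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._sessions = {}  # sid -> {"ip": str, "user": str, "expires": float}
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested offline

    def login(self, user, client_ip):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"ip": client_ip, "user": user,
                               "expires": self._clock() + self._ttl}
        return sid

    def request(self, sid, client_ip):
        """Return (user, new_sid) if the SID is valid for client_ip, else None.

        A mismatching IP is rejected whether it is a hijack attempt or the
        dial-up reconnect case from the post; the user has to log in again."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if sess["expires"] < self._clock() or sess["ip"] != client_ip:
            # Expired, or presented from another address: drop it. The SID
            # is either stale or known to a third party, so it is not reusable.
            del self._sessions[sid]
            return None
        # Rotate the identifier on every request (the per-request regeneration
        # the post mentions); the old SID is no longer accepted.
        del self._sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        sess["expires"] = self._clock() + self._ttl
        self._sessions[new_sid] = sess
        return sess["user"], new_sid
```

The cost the post mentions is visible in `request`: every call mutates the store, which is cheap here but means a write to the session backend on each hit in a real deployment.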