Re: using SSL

Posted by David Dorward on 11/16/06 11:28

Toby Inkster wrote:

>> So stay in HTTPS for the entire time the user is logged in if you want to
>> keep the user's credentials (and the data they send and receive while
>> logged in) secure.
>
> Not necessarily -- you could do something like this:

> <?php
> $mysecret = 'XhT6fg7P';
> $u = $_COOKIE['username'];
> $a = $_COOKIE['auth'];
> $p = getPasswordFromDatabase($u);
> $real = md5($mysecret.$p);
> if ($real==$a)
> {
> print "Secure content.\n";
> }

I'm about to head off to bed so if I'm missing something obvious you can put
it down to needing the zzzs, but what's stopping the attacker sniffing the
cookies and then requesting the page using those cookies? They might not
get the user's password, but they do get credentials they can use to
pretend to be the user.


--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
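The point raised in the reply, as an added example that is not part of the original thread: the quoted check accepts the same static cookie pair from any client, while a random, expiring session id in a cookie marked `secure` is never sent over plain HTTP. The stubbed `getPasswordFromDatabase()`, the sample account, the timestamp, and the helper names `quotedCheck`, `issueSession` and `sessionCheck` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The password lookup is a stub
// and all account data below is constructed.
function getPasswordFromDatabase(string $u): string
{
    $rows = ['alice' => 'constructed-password'];   // constructed sample row
    return $rows[$u] ?? '';
}

// The check from the quoted post, wrapped in a function that takes the
// request's cookies as an argument; the comparison itself is unchanged.
function quotedCheck(array $cookies): bool
{
    $mysecret = 'XhT6fg7P';
    $p = getPasswordFromDatabase($cookies['username'] ?? '');
    return md5($mysecret . $p) == ($cookies['auth'] ?? '');
}

// Hypothetical alternative: a random per-login session id with a server-side
// expiry, accepted only on requests that arrived over HTTPS.
function issueSession(array &$store, string $user, int $now, int $ttl = 900): array
{
    $id = bin2hex(random_bytes(32));
    $store[$id] = ['user' => $user, 'expires' => $now + $ttl];
    // Options in the form setcookie('sid', $id, $options) accepts (PHP 7.3+).
    // 'secure' tells the browser not to send the cookie over plain HTTP.
    $options = ['expires' => $now + $ttl, 'path' => '/',
                'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
    return [$id, $options];
}

function sessionCheck(array $store, string $id, bool $https, int $now): ?string
{
    $s = $store[$id] ?? null;
    return ($https && $s !== null && $s['expires'] > $now) ? $s['user'] : null;
}

// The 'auth' value depends only on the secret and the stored password, so it
// is identical at every login and the check cannot tell one sender from another.
$cookie = ['username' => 'alice', 'auth' => md5('XhT6fg7P' . 'constructed-password')];
var_dump(quotedCheck($cookie));

$store = [];
$t0 = 1163676480;                                   // constructed timestamp
[$sid, $opts] = issueSession($store, 'alice', $t0);
print_r($opts);
var_dump(sessionCheck($store, $sid, true, $t0 + 60));    // HTTPS, within the lifetime
var_dump(sessionCheck($store, $sid, false, $t0 + 60));   // same id over plain HTTP
var_dump(sessionCheck($store, $sid, true, $t0 + 901));   // after the expiry time
```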

 
