You are here: Re: Session HELP ! « PHP Programming Language « IT news, forums, messages
Re: Session HELP !

Posted by Chung Leong on 11/24/89 11:28

Joseph S. wrote:
> I was taking the line Bob was - sessions for better security - till I
> read your explanation about why GET is useful - bookmarking, users not
> repeating searches etc. Very correct,indeed. But people learn how to
> rewrite urls quite easily these days.

I disagree with the notion that using session to pass variable lead to
better security. If access to a resource identified by a GET parameter
requires proper authorization, then just perform the necessary
authorization checks within that page. That simplifies the security
analysis: if the checks occur, then the resource is safe. In constrast,
when you rely on the user's inability to alter session variables for
security, the analysis is more complicate: the resource is safe only if
the user cannot somehow use other pages to set the session variables to
illegal values. You end up having to prove a negative.

Security by assertion is better than security by prevention. It's
easier to see that something happens correctly than to show that
nothing can go wrong.

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация