Posted by linda on 11/17/06 17:00
"shimmyshack" <matt.farey@gmail.com> wrote in message
news:1162428213.337353.310000@m7g2000cwm.googlegroups.com...
> Well said. Defence against the dark arts is hard.
> If you want to add to your session security and enforce even more than
> the above, things like application-state-pathways, further
> authentication for sensitive parts of the site, intelligent semi-trust
> for certain users based on actions, restarting new sessions
> transparently (including on login and logoff), sending the initial
> session token over SSL and more, go ahead.
> This is a pretty good place to begin
> http://www.owasp.org/index.php/PHP_Top_5
> Note the references there for further reading.
> Sessions can be very tricky if you want things to be secure.
> The more you read the more fun it gets.
>
> Don't have nightmares, do sleep well.
>
Thank you for the VERY useful link shimmyshack.
Best wishes,
Linda