Posted by Jerry Stuckle on 03/11/07 19:10
Iván Sánchez Ortega wrote:
> Jerry Stuckle wrote:
>
>> Lots of ways. As Iván suggested, use a session variable. A hash doesn't
>> work (not reversible),
>
> It works, if you store a rainbow table as a session variable (to reverse the
> hash when the client posts the data), and expose the hash to the client.
>
> The ticket idea is similar, but uses random strings instead of hashes.
>
True - but wouldn't a reversible encryption be a lot easier?
But either way - it's still security by obscurity - which is no security
at all.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
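The ticket idea mentioned in the quoted reply, sketched as an added example that is not part of the original posts: the real value stays in the server-side session and the client only ever sees a random string. The `TicketStore` class, the dict standing in for a session, and the sample `record_id` are assumptions made for illustration.

```python
import secrets


class TicketStore:
    """Per-session map of opaque tickets to values that never leave the server."""

    def __init__(self, session):
        # `session` is any dict-like per-user session store (assumed here).
        self._tickets = session.setdefault("tickets", {})

    def issue(self, value):
        # 16 bytes from the OS CSPRNG; the ticket carries no information
        # about `value`, unlike a hash or an encrypted copy of it.
        ticket = secrets.token_urlsafe(16)
        self._tickets[ticket] = value
        return ticket

    def redeem(self, ticket):
        # Only tickets issued in this session resolve, and only once:
        # pop() makes a replayed form post come back empty.
        if not isinstance(ticket, str):
            return None
        return self._tickets.pop(ticket, None)


def demo():
    # Constructed sample data: two separate user sessions.
    session_a, session_b = {}, {}
    store_a = TicketStore(session_a)
    store_b = TicketStore(session_b)
    ticket = store_a.issue({"record_id": 4711})
    return {
        "ticket": ticket,
        "other_session": store_b.redeem(ticket),  # wrong session
        "forged": store_a.redeem("4711"),         # client guesses the raw value
        "first": store_a.redeem(ticket),          # legitimate post
        "replay": store_a.redeem(ticket),         # same ticket posted again
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```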