Reply to Re: sessions and security — PHP Programming Language

Posted by dino d. on 03/13/07 02:37

> address or even the port number on your machine that's accessing
> eBay's server -- data which you don't store remotely. If these don't
> match they might ask you to re-authenticate.

thanks for all the replies. let me ask a specific follow up- the
sequence of events goes like this:

a) user types their username and password into a browser, and clicks
submit over an SSL connection
b) user then is brought to a non-ssl connection, where they click
something like "edit password"
c) user is brought to a "change password" page, which is an SSL
connection

it seems to me that in step b, a hacker could catch the session,
correct? so are we to assume that ebay is doing something in addition
to sessions, such as IP recording, etc.?

thanks again,
dino

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация