Posted by Jerry Stuckle on 03/13/07 11:31

dino d. wrote:
>> address or even the port number on your machine that's accessing
>> eBay's server -- data which you don't store remotely. If these don't
>> match they might ask you to re-authenticate.
>
> thanks for all the replies. let me ask a specific follow up- the
> sequence of events goes like this:
>
> a) user types their username and password into a browser, and clicks
> submit over an SSL connection
> b) user then is brought to a non-ssl connection, where they click
> something like "edit password"
> c) user is brought to a "change password" page, which is an SSL
> connection
>
> it seems to me that in step b, a hacker could catch the session,
> correct? so are we to assume that ebay is doing something in addition
> to sessions, such as IP recording, etc.?
>
> thanks again,
> dino
>

Who knows? I doubt anyone on this list is familiar with EBay's code.
So why not ask them?

But this also has nothing to do with PHP. It could be any language.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]