Posted by Jerry Stuckle on 06/13/07 16:21

howa wrote:
> On Jun 13, 11:44 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>
>> Ajax requires javascript be enabled. And in a small corporation with a
>> single firewall/proxy, all users will have the same ip address.
>>
>> IP addresses are not reliable at any time other than when responding to
>> the immediate request.
>>
>
> yes, IP should not be used. I agree
>
> back to the corporation example, if SSL can't be used, what are the
> best practices for protecting session cookie?
>
> Seems there is no 100% safe solution - if people can capture your
> request and can reproduce them!
>
>

No, short of SSL, there is no safe solution. Anyone anywhere between
the client and the server can intercept the data and use it for whatever
reason. Of course, because there's no guarantee as to what route a
packet will follow, the most likely places to intercept the packets is
on either end.

But then that's why SSL was invented.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]