Re: [Phplib-users] cookie stealing
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] cookie stealing
|
From: Stephen W. <wo...@me...> - 2001-11-01 23:37:55
|
IP address is bad, because everyone coming through a NAT device or a proxy server will have that devices IP, but it may be better then nothing. You could use the IP with salt and make an MD5 hash, if weren't for the problem above. -Steve Brian Popp wrote: > > An MD5 of the ethernet card hardware address would work well, but I'm not > sure if it's obtainable through PHP? IP address would be an alternative, but > would be fairly easy for someone to obtain for a given user, especially if > you display it on the site somewhere (next to posts, for example). > > -----Original Message----- > From: order through chaos [mailto:ke...@go...] > Sent: Thursday, November 01, 2001 4:53 PM > To: php...@li... > Subject: [Phplib-users] cookie stealing > > hi! > > did anyone code something that checks other infos beside cookies to check > session validity? (like az ip, and an md5 of some client info for eg.) > > coz anyone stealing the cookie could be logged in, so it's no matter if you > send the password in md5 or not.. :P > > anyone? > > keo > > -- > don't believe everything you think. > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
