Re: [Phplib-users] Re: latest snapshot
From: Giancarlo <gia...@na...> - 2002-11-07 08:44:56
> The only drawback I can see of GET strings is that perhaps the Session
> ID can be obtained by reading the target's screen (i.e. with a
> telescope through a window, with a hidden camera etc). I see this as

This is true if we don't take into consideration the fact that any user-fantasy id can be provided by proposing a link with the sid in it. And it will be created. Where is the randomness and 'non-guessability' if anyone (cookie free) can impose on anyone else his known sid as ?Example=Session=1

There are books and treatises about random cookie/token creation. Human fantasy is not a valid enough device for generating random tokens!

This is not Posix/MIT/cookie/whatever compliant.

This is an illogical bestiality

Gian
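The behaviour Gian objects to (a session id proposed in the URL is accepted and a session is created for it) next to the check that prevents it, as an added example; this is not PHPLib's code and not from the thread. The in-memory `$store` array and the function names `new_sid`, `accept_any_sid` and `accept_only_known_sid` are assumptions made for the illustration.

```php
<?php
// Added example (not PHPLib code): two ways a server can choose the session id for a request.
// Assumed: a minimal in-memory session store ($store); the function names are hypothetical.

declare(strict_types=1);

// Generate a fresh, unguessable session id: 128 bits from the CSPRNG, hex-encoded (32 chars).
function new_sid(): string {
    return bin2hex(random_bytes(16));
}

// Weak variant, as described in the message: whatever id the client proposes is used,
// and a session record is created for it if none exists. A link carrying ?sid=1 therefore
// decides the session id in advance, and the randomness of new_sid() is never involved.
function accept_any_sid(array &$store, ?string $proposed): string {
    $sid = $proposed ?? new_sid();
    if (!isset($store[$sid])) {
        $store[$sid] = ['created' => time()];
    }
    return $sid;
}

// Hardened variant: a client-supplied id is honoured only if it has exactly the shape the
// server itself generates AND already exists in the store. Anything else is ignored and a
// new random id is issued, so the client cannot impose an id of its own choosing.
function accept_only_known_sid(array &$store, ?string $proposed): string {
    if ($proposed !== null
        && preg_match('/\A[0-9a-f]{32}\z/', $proposed) === 1
        && isset($store[$proposed])) {
        return $proposed;
    }
    $sid = new_sid();
    $store[$sid] = ['created' => time()];
    return $sid;
}

// Demonstration on a constructed request value; no real HTTP request is involved.
$store = [];
$weak  = accept_any_sid($store, '1');           // "1" is accepted and a session is created for it
$hard  = accept_only_known_sid($store, '1');    // "1" is rejected; a random 32-hex-char id is issued
$again = accept_only_known_sid($store, $hard);  // an id the server issued earlier is honoured

printf("weak:  %s\n", $weak);
printf("hard:  %s (%d hex chars)\n", $hard, strlen($hard));
printf("again: %s\n", var_export($again === $hard, true));
```

The hardened variant closes the door in two steps: the format check discards ids that the server could never have generated, and the existence check discards well-formed ids the server did not actually issue, so the only way to obtain a valid session id is to have the server hand one out.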