Re: [Phplib-users] store the IP in the session
From: Matt W. <li...@ye...> - 2002-12-04 19:32:08
On Wednesday 04 December 2002 18:16, Giancarlo wrote:
> > Why not to finish all these IP discussions then? Let's simply trigger the
> > user to use SSL for safer sessions, which is fairly easy to do if you've
>
> Excuse me, but if I propose you to click on a link as
> https://phplib.sourceforge.net/showoff.php3?PHPSESSID=1
>
> you click on it, you login, you place it in your bookmarks, can't I
> steal it afterwards, forever and ever, as long as you use that bookmark?
>
> The typical illiterate snooper exploit is just this.

But that would be user error. If someone was stupid enough to do that maybe they deserve whatever happens to them.

Excuse my ignorance on this but wouldn't a way round it be to use per session er.. sessions. So as soon as the browser closed the session ended. Assuming of course that all reference to the session was removed from wherever it was stored on the server.

matt
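
The suggestion in the message above (a session that ends when the browser closes, with the server-side record removed), sketched as an added example that is not part of the original thread. It uses PHP's built-in session functions rather than PHPLIB's Session class, goes one step further by issuing a new id at login, and the function names `start_browser_session`, `on_login` and `end_session` are hypothetical.

```php
<?php
// Added example: uses PHP's built-in session API, not PHPLIB's Session class.
// Function names below are hypothetical.

function start_browser_session(): void
{
    // Ignore session ids passed in the URL (e.g. ?PHPSESSID=1) and never
    // rewrite links to carry one, so a bookmarked link holds no session id.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject ids the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    // lifetime 0 = cookie is discarded when the browser closes.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(string $user): void
{
    // Issue a fresh id at login and delete the old server-side record,
    // so an id known before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

function end_session(): void
{
    // Remove every reference to the session on the server ...
    $_SESSION = [];
    session_destroy();
    // ... and expire the cookie in the browser.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
    ]);
}
```

The server is not told when a browser closes, so the stored record is removed only by `end_session()` or by PHP's session garbage collection (`session.gc_maxlifetime`).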