Re: [Phplib-users] store the IP in the session
From: Giancarlo <gia...@na...> - 2002-12-04 21:01:30
>>Excuse me, but if I propose you to click on a link as
>>https://phplib.sourceforge.net/showoff.php3?PHPSESSID=1
>>
>>you click on it, you login, you place it in your bookmarks, can't I
>>steal it afterwards, forever and ever, as long as you use that bookmark?
>>
>>The typical illiterate snooper exploit is just this.
>
> But that would be user error. If someone was stupid enough to do that maybe
> they deserve whatever happens to them

Do you check all the links before clicking them?
If all app servers had that, can you imagine the billions of trojan bookmarks?
The fact that even expired ones can be reborn just the same is of much worry, and
the check_for_existance by Maxim fixes that so ++

Gian
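
An added example, not part of the original message and not PHPLIB's or Maxim's code: a server-side existence check that refuses a session id the server never issued or that has expired, as in the `?PHPSESSID=1` link quoted above. It goes one step beyond the check named in the thread by also rotating the id at login; the array-backed store, the function names and the 1440-second lifetime are assumptions.

```php
<?php
// Added illustration, not PHPLIB code. The in-memory store, function names
// and session lifetime are assumptions made for this example.
declare(strict_types=1);

const SESSION_TTL = 1440; // seconds (assumed)

function new_session_id(): string
{
    return bin2hex(random_bytes(16)); // 128-bit id generated by the server
}

// Accept a presented id only if the server issued it and it is still live.
// Unknown or expired ids are discarded and replaced with a fresh one.
function resolve_session_id(?string $presented, array &$store, int $now): string
{
    if ($presented !== null && isset($store[$presented])) {
        if ($now - $store[$presented]['last_seen'] <= SESSION_TTL) {
            $store[$presented]['last_seen'] = $now;
            return $presented;
        }
        unset($store[$presented]); // expired: the same id must not come back
    }
    $id = new_session_id();
    $store[$id] = ['last_seen' => $now, 'user' => null];
    return $id;
}

// Rotate the id at login so a pre-login id never carries authenticated state.
function login(string $oldId, string $user, array &$store, int $now): string
{
    unset($store[$oldId]);
    $id = new_session_id();
    $store[$id] = ['last_seen' => $now, 'user' => $user];
    return $id;
}

function expect(bool $ok, string $what): void
{
    if (!$ok) { throw new RuntimeException("failed: $what"); }
    echo "ok: $what\n";
}

// Constructed walk-through with made-up timestamps.
$store = [];
$a = resolve_session_id('1', $store, 1000);
expect($a !== '1' && !isset($store['1']), 'id planted in a link is not adopted');
expect(resolve_session_id($a, $store, 1060) === $a, 'issued id is accepted');
$c = resolve_session_id($a, $store, 6000);
expect($c !== $a, 'expired id is not reborn');
$d = login($c, 'alice', $store, 6001);
expect(resolve_session_id($c, $store, 6002) !== $c, 'pre-login id is dead after login');
```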