Re: Password Encryption

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

[Lewis Bergman]
> > But the way I understand this, the authentication cookie would change every
> > time the user request a page, making it hard to fake a request.
>
> The addition of get_env(REMOTE_ADDR) would make it almost impossible to
> hijack a session. Like Pallo said, some config would be needed for proxy
> stuff. Also, I notice another server generated random variablen ->
> UNIQUE_ID, Could this be used for these purposes? It changes each time a
> request is made. I don't know if it comes from PHP or apache but it is
> listed in phpinfo().

It is generated by Apache, but only if you have compiled the unique_id
module so you shouldn't assume that it's there (off by default).

-- 
Pål Løberg                                Initio IT-løsninger AS
pallo[at]initio.no                        http://www.initio.no/