On Sat, Feb 9, 2013 at 7:55 PM, UXB <denn...@uxbinternet.com> wrote:

> From a security perspective cookies are a better option because passing
> IDs in the open can result in session hijacking when someone bookmarks a
> link.
>

This isn't even the biggest threat. Since you are passing the SessionID in
the URL, it will be included in the referrer string and LOGGED by someone
else's server each time you allow a link out from your website. This
appears to be the root cause of the recent Yahoo Mail security breaches.

This means if you simply link to my website from yours, using a plain-jane
link, this is all that is required for me to potentially hijack your
users' sessions, simply by examining the referrer strings.

-Cameron

-- 
Cameron Childress
--
p:   678.637.5072
im: cameroncf
facebook <http://www.facebook.com/cameroncf> |
twitter<http://twitter.com/cameronc> |
google+ <https://profiles.google.com/u/0/117829379451708140985>
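To show the leak Cameron describes from the defender's side, here is an added example (not code from this thread or from the cf-talk list) that audits web server access logs in Apache combined format for two things: requests whose own URL carries a session identifier (which the browser will then send in the Referer header on any outbound click), and inbound requests whose Referer header already carries someone else's session token. The log lines and the list of parameter names treated as session identifiers are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" log format (not from the original thread).
SAMPLE_LOG = """\
10.0.0.5 - - [09/Feb/2013:19:55:01 -0500] "GET /inbox.cfm?CFID=1234&CFTOKEN=98765432 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [09/Feb/2013:19:55:30 -0500] "GET /about.cfm HTTP/1.1" 200 800 "http://mail.example.com/inbox.cfm?CFID=1234&CFTOKEN=98765432" "Mozilla/5.0"
10.0.0.9 - - [09/Feb/2013:19:56:02 -0500] "GET /index.cfm HTTP/1.1" 200 900 "https://www.google.com/" "Mozilla/5.0"
"""

# Assumed set of query parameter names that commonly carry session identifiers (matched case-insensitively).
SESSION_PARAMS = {"cfid", "cftoken", "jsessionid", "phpsessid", "sessionid", "sid"}

# Apache combined log format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def session_params_in(url: str) -> set:
    """Return the lowercase names of session-ID-looking parameters in a URL's query string."""
    query = urlsplit(url).query
    return {k.lower() for k in parse_qs(query) if k.lower() in SESSION_PARAMS}


def audit_log(text: str) -> list:
    """Scan log text and return (finding, client_ip, url, [param names]) tuples."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        own = session_params_in(m["path"])
        if own:
            # Our own URLs carry the session; any outbound link leaks it via Referer.
            findings.append(("session-id-in-own-url", m["ip"], m["path"], sorted(own)))
        ref = m["referer"]
        if ref != "-" and session_params_in(ref):
            # The referring site put its session in the URL; we just received it.
            findings.append(("session-id-in-inbound-referer", m["ip"], ref, sorted(session_params_in(ref))))
    return findings


if __name__ == "__main__":
    for finding in audit_log(SAMPLE_LOG):
        print(finding)
```

The first finding type is the one to fix on your own site (move the session to a cookie); the second shows what a third-party site's logs would reveal about yours if you do not.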


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354442