On 21.06.2013 12:48, Steven Siebert wrote:

You stated these IDs are sequential...do you know if there is any way to
modify this to utilize a "random" generation?  Sequential session IDs are
an avenue to session hijacking.

There is no attack vector opening up by knowing a session ID. A "session" is tied to a socket which in turn would be a TCP/IP network connection. As long as TCP/IP connection hijacking is considered unfeasible, so will the corresponding session. If connection hijacking is a concern in your environment, consider using SSL/TLS as an additional measure against a number of attacks - including eavesdropping and data manipulation.

http://www.yassl.com/files/yassl_securing_mysql.pdf

Denis

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql
