> It is also very conceivable that a person would send a link to a java > applet or any other kind of wrapper (PHP or other CGI actually would be > able to establish the connection on the server side always sending the > same user agent string and sending back the data from your site) to > establish the session in which case this is rendered useless.
So because its not flawless, we shouldnt try to get as close to perfection as we can? I know its not water-tight by any stretch of the imagination, but the more checking in there, the harder it is for hackers to get the foot in the door and penetrate. The more abstract the system is (especially on a site by site basis) the more work a cracker has to do to work out how a host is authenticated. At the end of the day, nothing from the client can be trusted - nothing. So we are never gonna reach perfection when the client is involved in relaying information. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software & Systems Engineer First Creative Ltd -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
