no offense for anyone at all. I was just wondering myself and threw it in
the group discussion.
Eelco.
> I never wanted this question to be an offense for anyone. I thank you all
> for your answers.
>
> Regards
> PHPLover
>
> Lux <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > It's unlikely I suppose, but there's a must-have book you should look at
> > if you want info on hacks, including browser hacks (Hacking Exposed:
> > Network Security Secrets and Solutions, 2nd Edition). The cookie hack
> > that comes to mind only works in IE or MS products (but that's only
> > what, 90% of the web), but all it is is a line or so of html code that
> > somebody places on their site (say in an iframe...) that sends them all
> > your cookie data (if the user uses outlook, they can also just place it
> > in an email). from there, they use the cookie data to pose as that
> > person on various sites trying to gain sensitive info. but if you're
> > already giving them the password, how much more sensitive can you get?
> >
> > so really, if they don't close their browser for a while, this
> > possibility increases. and it may be a slim possibility, but it's
> > better to be safe than sorry.
> >
> > later
> >
> > lux
> >
> > > Well .. I am ... nobody but the user itself can see the login and password
> > > in the cookie. Unless it's on non-SSL connection and somebody is
> > > packet-sniffing around. Otherwise there would be no leak for somebody else
> > > to get this information, is there?
> > >
> > > And if the user doesn't logout, the cookie is still destroyed when the
> > > browser is closed anyway.
> > >
> > > Eelco.
> >
> >
> > --
> >
> > John Luxford
> > Simian Systems
> >
> > w: www.simian.ca
> > e: [EMAIL PROTECTED]
> > p: 204.946.5955
> >
> > --
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
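
Added example, not part of the original thread: the discussion weighs a cookie that holds the login and password against the chance of that cookie being read by someone else. One common alternative is a cookie carrying only a random token that the server checks and can expire. The `$store` array, the function names and the 30-minute idle limit are assumptions for illustration.

```php
<?php
// Added example: opaque login token instead of login+password in the cookie.
// $store stands in for a server-side table; all names here are hypothetical.
const TOKEN_TTL = 1800; // seconds of inactivity before the token is refused

function issue_token(array &$store, string $user, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 random bits, no credential inside
    // Keep only a hash server-side, so a leaked table yields no usable tokens.
    $store[hash('sha256', $token)] = ['user' => $user, 'seen' => $now];
    return $token;
}

function cookie_options(): array
{
    return [
        'expires'  => 0,     // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,  // never sent over a non-SSL connection
        'httponly' => true,  // not readable from script running in the page
        'samesite' => 'Lax',
    ];
}

function verify_token(array &$store, string $token, int $now): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                      // unknown or already revoked
    }
    if ($now - $store[$key]['seen'] > TOKEN_TTL) {
        unset($store[$key]);              // idle too long: expire server-side,
        return null;                      // even if the browser was never closed
    }
    $store[$key]['seen'] = $now;
    return $store[$key]['user'];
}

// Constructed walk-through with fixed timestamps.
$store = [];
$token = issue_token($store, 'eelco', 1000000);
// In a web request: setcookie('auth', $token, cookie_options());
var_dump(verify_token($store, $token, 1000060));          // within the limit
var_dump(verify_token($store, $token, 1000060 + 1801));   // past the limit
var_dump(verify_token($store, str_repeat('0', 64), 1000060)); // guessed value
```

A copied token still lets someone pose as the user until it expires, but it never discloses the password and the server can cut it off.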