> -Original Message-
> From: Tijnema ! [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 9, 2007 17:55
> To: Peter Lauri
> Cc: Martin Marques; Ólafur Waage; [EMAIL PROTECTED]
> Subject: Re: [PHP] Session Authentication
>
> On 4/9/07, Peter La
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Ólafur Waage
> Sent: Monday, April 9, 2007 14:40
> To: [EMAIL PROTECTED]
> Subject: [PHP] Session Authentication
>
> Lets say i have a login system. This system authenticates the
> user via mysql,
On Tue, April 10, 2007 7:45 pm, Edward Vermillion wrote:
>
> On Apr 10, 2007, at 6:59 PM, Richard Lynch wrote:
>
>> On Mon, April 9, 2007 9:45 am, Davi wrote:
> Yes... but isn't it true that unless the default settings have
> changed that the sessions are stored in the servers temp directory
> (in
On Apr 10, 2007, at 6:59 PM, Richard Lynch wrote:
On Mon, April 9, 2007 9:45 am, Davi wrote:
Sessions are stored in the temporary's server folder... So... If I
know my
session ID and where it's stored, I can do something...
If your web-visitor can access and edit the session files stored in
On Mon, April 9, 2007 9:45 am, Davi wrote:
> Sessions are stored in the temporary's server folder... So... If I
> know my
> session ID and where it's stored, I can do something...
If your web-visitor can access and edit the session files stored in
the server temp folder, you have *MUCH* bigger pr
On Mon, April 9, 2007 10:55 am, Tijnema ! wrote:
> Cookies are old, so in the time they were introduced, today it is
> possible to create and modify cookies with some good tools. These
> tools are illegal, but every cracker is 99% illegal right? But that
> means i can't give you these tools to pro
On Mon, April 9, 2007 11:49 am, Peter Lauri wrote:
> If cookies were that unsecured so you could create your own cookies
> that
> easily, then would cookies exist?
Yes.
Cookies do exist.
And it is possible to use them so badly that you have giant security
holes in your web application.
This is
On Mon, April 9, 2007 11:28 am, Martin Marques wrote:
> Tijnema ! wrote:
>> On 4/9/07, Martin Marques wrote:
>>>
>>> So what? The user authenticated himself, so what is he gonna crack?
>> Yes, but i guess you're not only storing if the user has
>> authenticated, also storing a username?
>>
>> A
On Mon, April 9, 2007 8:36 am, Martin Marques wrote:
> ... or even better, save the
> authentication in a cookie on the client (separated from the session
> array).
Well, no...
That *WOULD* make it possible for the user to create an
"authenticated" cookie if they wanted.
--
Some people have a "
On Mon, April 9, 2007 7:39 am, Ólafur Waage wrote:
> Lets say i have a login system. This system authenticates the user via
> mysql, when the user is authenticated, i set a session variable to let
> the
> system know the user is authenticated. ie. $_SESSION["authenticated"]
> =
> true;
>
> Lets als
At 7:07 PM +0200 4/9/07, Tijnema ! wrote:
On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:
At 5:55 PM +0200 4/9/07, Tijnema ! wrote:
>Cookies are old, so in the time they were introduced, today it is
possible to create and modify cookies with some good tools. These
>tools are illegal,
I don't bel
Thanks for the replies guys, became a pretty big thread.
The actual code is just a select statement from the user table using sprintf
and mysql_real_escape_string for the username and password. I count how many
rows the select statement returns, if it's not zero then i authenticate by
setting a s
Stut wrote:
As with most things these days it probably breaches the DMCA. But
frankly speaking, if doing that works then the developers of the
application, and by extension the company, deserve everything they get.
DMCA is a real piece of crap.
--
select 'mmarques' || '@' || 'unl.edu.ar' A
Martin Marques wrote:
Tijnema ! wrote:
Who said firefox is legal? :P
I believe that what firefox can do is limited, some things that are
illegal are not possible. I don't know exactly what's illegal, i
searched for it a few years ago, and that's what i found then.
Explain how it would be
Tijnema ! wrote:
Who said firefox is legal? :P
I believe that what firefox can do is limited, some things that are
illegal are not possible. I don't know exactly what's illegal, i
searched for it a few years ago, and that's what i found then.
Explain how it would be illegal to modify cooki
On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:
At 5:55 PM +0200 4/9/07, Tijnema ! wrote:
>Cookies are old, so in the time they were introduced, today it is
>possible to create and modify cookies with some good tools. These
>tools are illegal,
I don't believe that.
FireFox probably has most, if not
At 5:55 PM +0200 4/9/07, Tijnema ! wrote:
Cookies are old, so in the time they were introduced, today it is
possible to create and modify cookies with some good tools. These
tools are illegal,
I don't believe that.
FireFox probably has most, if not all.
Cheers,
tedd
--
---
http://sperlin
On Monday 09 April 2007 13:47, Martin Marques wrote:
> Davi wrote:
> > Sessions are stored in the temporary's server folder... So... If I know
> > my session ID and where it's stored, I can do something...
>
> Have you tried it? I mean, as a non-root, non-apache user. :-P
>
No. And I known
Davi wrote:
Sessions are stored in the temporary's server folder... So... If I know my
session ID and where it's stored, I can do something...
Have you tried it? I mean, as a non-root, non-apache user. :-P
--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Tijnema ! wrote:
On 4/9/07, Martin Marques wrote:
So what? The user authenticated himself, so what is he gonna crack?
Yes, but i guess you're not only storing if the user has
authenticated, also storing a username?
And if that's not the case, then you could authenticate by creating a
cook
On Monday 09 April 2007 13:05, Robert Cummings wrote:
> (...) Hasn't anyone here had a boring
> day (yeears ago) when they created an auto vote bot for some stupid
> poll? >:B
I never do this!!! =P
But I changed a cookie of a browser game XD
--
Davi Vidal
[EMAIL PROTECTED]
[EMAIL
On 4/9/07, Tijnema ! <[EMAIL PROTECTED]> wrote:
On 4/9/07, Stut <[EMAIL PROTECTED]> wrote:
> Peter Lauri wrote:
> >> Cookies are old, so in the time they were introduced, today it is
> >> possible to create and modify cookies with some good tools. These
> >> tools are illegal, but every cracker
On 4/9/07, Stut <[EMAIL PROTECTED]> wrote:
Peter Lauri wrote:
>> Cookies are old, so in the time they were introduced, today it is
>> possible to create and modify cookies with some good tools. These
>> tools are illegal, but every cracker is 99% illegal right? But that
>> means i can't give you
Peter Lauri wrote:
Cookies are old, so in the time they were introduced, today it is
possible to create and modify cookies with some good tools. These
tools are illegal, but every cracker is 99% illegal right? But that
means i can't give you these tools to prove it, but it is possible.
Tijnema
On Mon, 2007-04-09 at 18:57 +0200, Peter Lauri wrote:
> >
> > Cookies are old, so in the time they were introduced, today it is
> > possible to create and modify cookies with some good tools. These
> > tools are illegal, but every cracker is 99% illegal right? But that
> > means i can't give you
Peter Lauri wrote:
-Original Message-
From: Tijnema ! [mailto:[EMAIL PROTECTED]
Sent: Monday, April 09, 2007 5:38 PM
To: Martin Marques
Cc: Ólafur Waage; php-general@lists.php.net
Subject: Re: [PHP] Session Authentication
On 4/9/07, Martin Marques wrote:
Tijnema ! wrote:
On 4/9
>
> Cookies are old, so in the time they were introduced, today it is
> possible to create and modify cookies with some good tools. These
> tools are illegal, but every cracker is 99% illegal right? But that
> means i can't give you these tools to prove it, but it is possible.
>
> Tijnema
[Pete
On 4/9/07, Peter Lauri <[EMAIL PROTECTED]> wrote:
> -Original Message-
> From: Tijnema ! [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 09, 2007 5:38 PM
> To: Martin Marques
> Cc: Ólafur Waage; php-general@lists.php.net
> Subject: Re: [PHP] Session Authenticati
> -Original Message-
> From: Tijnema ! [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 09, 2007 5:38 PM
> To: Martin Marques
> Cc: Ólafur Waage; php-general@lists.php.net
> Subject: Re: [PHP] Session Authentication
>
> On 4/9/07, Martin Marques wrote:
> >
On Monday 09 April 2007 12:37, Tijnema ! wrote:
> On 4/9/07, Martin Marques wrote:
> > Tijnema ! wrote:
> > > On 4/9/07, Martin Marques wrote:
> > >> Yes:
> > >>
> > >> Don't use transparent session id, or even better, save the
> > >> authentication in a cookie on the client (separated fro
On 4/9/07, Martin Marques wrote:
Tijnema ! wrote:
> On 4/9/07, Martin Marques wrote:
>>
>> Yes:
>>
>> Don't use transparent session id, or even better, save the
>> authentication in a cookie on the client (separated from the session
>> array).
>
> And then the user would crack the cookie ...
Tijnema ! wrote:
On 4/9/07, Martin Marques wrote:
Yes:
Don't use transparent session id, or even better, save the
authentication in a cookie on the client (separated from the session
array).
And then the user would crack the cookie
I know they are encrypted, but trust me, cookies c
On Monday 09 April 2007 10:04, Stut wrote:
> Ólafur Waage wrote:
> > Lets say i have a login system. This system authenticates the user via
> > mysql, when the user is authenticated, i set a session variable to let
> > the system know the user is authenticated. ie. $_SESSION["authenticated"]
>
On 4/9/07, Martin Marques wrote:
Ólafur Waage wrote:
> Lets say i have a login system. This system authenticates the user via
> mysql, when the user is authenticated, i set a session variable to let the
> system know the user is authenticated. ie. $_SESSION["authenticated"] =
> true;
>
> Lets
Ólafur Waage wrote:
Lets say i have a login system. This system authenticates the user via
mysql, when the user is authenticated, i set a session variable to let the
system know the user is authenticated. ie. $_SESSION["authenticated"] =
true;
Lets also say i know that's how the system works,
Thanks, yes my knowledge of sessions was a little vague.
2007/4/9, Stut <[EMAIL PROTECTED]>:
Ólafur Waage wrote:
> Lets say i have a login system. This system authenticates the user via
> mysql, when the user is authenticated, i set a session variable to let
the
> system know the user is authe
Ólafur Waage wrote:
Lets say i have a login system. This system authenticates the user via
mysql, when the user is authenticated, i set a session variable to let the
system know the user is authenticated. ie. $_SESSION["authenticated"] =
true;
Lets also say i know that's how the system works, th
On Tuesday 30 April 2002 22:57, Troy Lynch wrote:
> I'm currently rewriting a website in PHP and something I'm looking to do is
> login and logouts but also have a page to view who is logged at the present
> time.
Assuming that you do not require a user to logout, there is no reliable
method to