On 2001.12.27, Wojciech Kocjan <[EMAIL PROTECTED]> wrote:
> I think that anything the user supplies cannot be trusted and as such
> sessions are a real problem to make secure.

What about using symmetric key crypto to encrypt a sequence number that gets stored along with the session ID on the client's machine? This could help defeat replay attacks. Outside of that, there's not much I can think of.

-- Dossy

--
Dossy Shiobara                       mail: [EMAIL PROTECTED]
Panoptic Computer Network             web: http://www.panoptic.com/
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)
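A sketch of the sequence-number idea from the message above, as an added example that is not part of the original thread. It authenticates the sequence number with an HMAC under a server-held symmetric key instead of encrypting it (a substitution made here, since the server needs the value to be unforgeable rather than secret); the class and method names are hypothetical and an in-memory dict stands in for the session store.

```python
import hashlib
import hmac
import secrets


class SequencedSessions:
    """Server side of a per-request sequence number bound to a session ID."""

    def __init__(self, key=None):
        # Assumption: one symmetric key held by the server, never sent out.
        self._key = key or secrets.token_bytes(32)
        # session_id -> the only sequence number the server will accept next
        self._expected = {}

    def _mac(self, session_id, seq):
        msg = f"{session_id}|{seq}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _token(self, session_id, seq):
        return f"{seq}.{self._mac(session_id, seq)}"

    def start(self):
        """Create a session; return (session_id, first token) for the client."""
        session_id = secrets.token_hex(16)
        self._expected[session_id] = 0
        return session_id, self._token(session_id, 0)

    def accept(self, session_id, token):
        """Return (status, next_token); status is 'ok', 'replay' or 'invalid'."""
        expected = self._expected.get(session_id)
        seq_text, _, mac = token.partition(".")
        well_formed = seq_text.isascii() and seq_text.isdigit() and len(seq_text) <= 18
        if expected is None or not well_formed:
            return "invalid", None
        seq = int(seq_text)
        # Constant-time check: the client cannot alter or mint a sequence number.
        if not hmac.compare_digest(mac.encode(), self._mac(session_id, seq).encode()):
            return "invalid", None
        # A genuine token with a stale number is a replay; worth logging.
        if seq != expected:
            return "replay", None
        self._expected[session_id] = expected + 1
        return "ok", self._token(session_id, expected + 1)
```

Because only one sequence number is valid at a time, parallel requests from the same legitimate client also show up as `replay`, so a deployment has to serialize requests per session or tolerate that.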
