Hi, Am Mon, 2003-11-17 um 22.16 schrieb Thomas M. Duffey:
> method to protect against such an attack? It's not perfect but should > significantly increase the difficulty of such an attack with little or > no annoying side effects for the legitimate user. Would it be useful > to extend the session modules of the common Web scripting languages > (e.g. PHP) to enable an IP address check by default? why you don't force session handling with cookies and set session lifetime to 20mins (or so)? Bart _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
