[EMAIL PROTECTED] wrote:
> Technically correct...but not complete:
> http://issues.apache.org/bugzilla/show_bug.cgi?id=22679
> Some manual work does have to be done but you can create secure web
> applications with SSL.
> Better things can be done with hardware routers + ssl, but that's another
> discussion.

I never implied you can't create a secure web app and I don't see
how the reference to session fixation relates to the statement
that a SessionID in a cookie is safer than in the URL.
It doesn't matter if you put the SessionID in the URL or the
cookie. Either way, they're in the same place - the HTTP header -
so from a security standpoint, there is no difference.
C
--
-------------------------------------------------------------------------
Chris Merrill | http://www.webperformanceinc.com
Web Performance Inc.
Website Load Testing and Stress Testing Software
-------------------------------------------------------------------------
_______________________________________________
Juglist mailing list
[email protected]
http://trijug.org/mailman/listinfo/juglist_trijug.org