On 2007-08-21 19:34:24, Kelvin Park wrote:
> Hello, thanks for all the replies.
> However, since I'm not very familiar with trans_sid I'll do some research on
> that.
>
> Michelle Konzack, if hiding the id in hidden form field element or enabling
> trans_sid could lead to security risks, what would you recommend as an
> alternative method to safely transfer user information across different
> pages in a website?
>
> Thank you.

1) I have a Server where the $USER authenticates and it stores the
   infos (IP, USER-AGENT, ...) there.
2) Then, after successful authentication the $USER is redirected to
   the real Website with a onetime ID in the URL etc.
3) The "real" Website gets its infos from the AUTH-Server and checks
   it against the onetime ID in the URL

I had to do this, since I am working over a bunch of Servers, where
COOKIES would only be readable from the same Website which had set
the COOKIE

Greetings
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
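
The three steps described in the message above, as an added PHP sketch that is not part of the original post and not the poster's code. The class name, method names, the 30-second lifetime and the in-memory array standing in for the AUTH-Server's storage are all assumptions; the sample user, IP and user agent are constructed.

```php
<?php
// Added example: in-memory stand-in for the AUTH-Server's store of one-time IDs.
// Class and method names are hypothetical, not taken from the post.
final class OneTimeTicketStore
{
    private array $tickets = [];   // sha256(ticket) => record; raw IDs are never stored

    public function __construct(private int $ttlSeconds = 30) {}

    // Steps 1 and 2: after a successful login, record the client details and
    // return the one-time ID that is appended to the redirect URL.
    public function issue(string $user, string $ip, string $userAgent, int $now): string
    {
        $ticket = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
        $this->tickets[hash('sha256', $ticket)] = [
            'user' => $user, 'ip' => $ip, 'ua' => $userAgent,
            'expires' => $now + $this->ttlSeconds,
        ];
        return $ticket;
    }

    // Step 3: the "real" website hands over the ID from the URL plus the
    // client details it sees; returns the user name, or null on any mismatch.
    public function redeem(string $ticket, string $ip, string $userAgent, int $now): ?string
    {
        $key = hash('sha256', $ticket);
        $rec = $this->tickets[$key] ?? null;
        unset($this->tickets[$key]);                   // single use: burned on first lookup
        if ($rec === null || $now > $rec['expires']) {
            return null;                               // unknown, replayed or expired ID
        }
        if (!hash_equals($rec['ip'], $ip) || !hash_equals($rec['ua'], $userAgent)) {
            return null;                               // presented by a different client
        }
        return $rec['user'];
    }
}

// Constructed sample values (documentation IP range, made-up user agent).
$store = new OneTimeTicketStore(30);
$t0 = 1000000000;
$ticket = $store->issue('exampleuser', '192.0.2.10', 'ExampleBrowser/1.0', $t0);
var_dump($store->redeem($ticket, '192.0.2.10', 'ExampleBrowser/1.0', $t0 + 5)); // first use
var_dump($store->redeem($ticket, '192.0.2.10', 'ExampleBrowser/1.0', $t0 + 6)); // same ID again
$other = $store->issue('exampleuser', '192.0.2.10', 'ExampleBrowser/1.0', $t0);
var_dump($store->redeem($other, '198.51.100.7', 'ExampleBrowser/1.0', $t0 + 5)); // other client
```

Because the ID travels in the URL it ends up in browser history, server logs and Referer headers, which is why the sketch makes it short-lived and single-use. After a successful check the receiving site should start its own session and redirect to a URL without the ID.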

