On Sat, 23 Jan 2010 09:32:37 -0500, tedd.sperl...@gmail.com (tedd) wrote:
At 1:13 PM +1100 1/23/10, clanc...@cybec.com.au wrote:
fashion to secure your site, but you remain steadfast that you know
better -- so, what else can we say other than good luck.
but I would be grateful for any suggestions how I
could make this procedure more secure.
BUT you have told me to use sessions, and sessions use a Cookie!
If the Cookie I use contains random data, the only difference in security is in
that it remains valid. Neither contains any useful information, but while they
both will enable you to bypass security.
Using only sessions means you have the tried and true PHP session
handling to manage the cookie, rather than re-inventing the wheel
yourself by using your own random string to do the same thing that a
session cookie already does.
PHP General Mailing List (http://www.php.net/)
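As an added example (not code from this thread or its participants), this is one way to let PHP's built-in session handling manage the cookie, as the last reply suggests, instead of issuing a hand-rolled random-string cookie. The function names, the sample user, the idle timeout and the HTTPS requirement are assumptions made for illustration; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Accept only session ids PHP issued itself, and never take the id from a URL.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');

session_set_cookie_params([
    'lifetime' => 0,       // cookie ends when the browser closes
    'path'     => '/',
    'secure'   => true,    // assumption: the site is served over HTTPS
    'httponly' => true,    // cookie is not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

const IDLE_LIMIT = 1800;   // assumed idle timeout, in seconds

// Hypothetical credential check; a real site looks up a stored password_hash() value.
function check_credentials(string $user, string $password): bool
{
    $stored = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
    return isset($stored[$user]) && password_verify($password, $stored[$user]);
}

function log_in(string $user, string $password): bool
{
    if (!check_credentials($user, $password)) {
        return false;
    }
    session_regenerate_id(true);   // fresh id at login; the old session is deleted
    $_SESSION['user'] = $user;     // state stays on the server, not in the cookie
    $_SESSION['last_seen'] = time();
    return true;
}

function current_user(): ?string
{
    if (!isset($_SESSION['user'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];            // idle too long: drop the server-side state
        session_destroy();
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}
```

The cookie carries only the session id; expiry and the logged-in user are enforced on the server, so a captured cookie stops working once the session is destroyed or times out.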