Just sniffed around a little bit.
Forget the idea with the HTTP headers xD

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ala'a Ibrahim
Sent: Tuesday, February 28, 2006 11:10
To: Jordan PHP User Group Mailing list
Subject: Re: [JoPHP] Cookies Security Threats with IE

Well, what difference does it make when encrypting the cookies, as you can use the same encrypted cookies on another computer and have the access.
In sessions, the only thing that is stored on the client's computer is a session id (sometimes it's not stored), it's just a bunch of useless characters, but if I took these same useless characters and set them on my browser, I would have the same access as you had.

On 2/28/06, Khair-ed Din Husseini <[EMAIL PROTECTED]> wrote:
Did you mean your clients as clients in an internet cafe, or clients as in clients that bought a web solution from you?
For the latter part you can encrypt your cookie data so that "no one" (meaning in most cases) can read the cookies but your application.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ala'a Ibrahim
Sent: Tuesday, February 28, 2006 10:51
To: Jordan PHP User Group Mailing list
Subject: Re: [JoPHP] Cookies Security Threats with IE

And what would that do ... ?

On 2/28/06, Khair-ed Din Husseini <[EMAIL PROTECTED]> wrote:
Easy, encrypt your cookie info

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ala'a Ibrahim
Sent: Monday, February 27, 2006 10:03
To: Jordan PHP User Group Mailing list
Subject: Re: [JoPHP] Cookies Security Threats with IE

Well, I don't care about myself, my main concern is my clients ...

On 2/26/06, Anubis HH <[EMAIL PROTECTED]> wrote:
Do you wanna solve it from a client or a server side?
I mean, do you wanna protect yourself from this happening to you when you go to a cafe? Or do you want to protect users of your website?
Ammar

--- Ala'a Ibrahim <[EMAIL PROTECTED]> wrote:
> Dear Group,
> Imagine this situation, you are in an Internet Cafe,
> you logged in to some
> account on the internet (Even if it was HTTPS), a
> cookie, or a session id
> cookie would be put on your computer, in IE the
> cookies would be put in some
> file on your computer, now if the Internet cafe
> supervisor got into your
> computer, he can read all the cookies he wants, and
> then set them on his
> machine, and (in the case of sessions) he could use
> your account until one
> of you logs out (in case of cookies, it's gone
> forever).
> Does anybody know a way to solve that ...
>
> PS: in the Internet Cafe you both have the same IP,
> so it's useless to try
> to save the IP in your session.
> My Best solution is to tell everybody not to go to
> internet cafes ....
> --
> Ala'a A. Ibrahim
> http://alaa83.blogspot.com/
> _______________________________________________
> Jordan PHP Users Group
> http://php.jolug.org/
> Php mailing list
> [email protected]
> http://mail.jolug.org/mailman/listinfo/php_jolug.org
>
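
The two cases argued over in the thread, shown side by side as an added example that is not part of any message above: an encrypted cookie copied to another machine still decrypts to the same identity, while a copied session id stops working once the server drops the session. It assumes PHP 7.4+ with the sodium extension; `seal()`, `unseal()`, `SessionStore` and all values are hypothetical names and constructed data.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.4+ with the sodium extension.
// seal(), unseal() and SessionStore are hypothetical names; all values are constructed.
function seal(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function unseal(string $cookie, string $key): ?string {
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) return null;
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $plain === false ? null : $plain;
}

final class SessionStore {
    private array $rows = [];   // session id => ['user' => ..., 'seen' => unix time]
    private int $idleLimit;
    public function __construct(int $idleLimit) { $this->idleLimit = $idleLimit; }
    public function login(string $user, int $now): string {
        $id = bin2hex(random_bytes(16));
        $this->rows[$id] = ['user' => $user, 'seen' => $now];
        return $id;
    }
    public function logout(string $id): void { unset($this->rows[$id]); }
    // Returns the user, or null when the id is unknown, revoked or idle for too long.
    public function check(string $id, int $now): ?string {
        $row = $this->rows[$id] ?? null;
        if ($row === null || $now - $row['seen'] > $this->idleLimit) {
            unset($this->rows[$id]);
            return null;
        }
        $this->rows[$id]['seen'] = $now;
        return $row['user'];
    }
}

$key = sodium_crypto_secretbox_keygen();
// Case 1: identity lives only in an encrypted cookie. A byte-for-byte copy presented
// from another machine decrypts to the same identity, and nothing can revoke it.
$copied = seal('user=alaa', $key);
var_dump(unseal($copied, $key) === 'user=alaa');
// Case 2: the cookie holds only a session id; the server decides if it is still valid.
$store = new SessionStore(900);            // 15-minute idle limit
$sid = $store->login('alaa', 1000);
var_dump($store->check($sid, 1060));       // copied id is accepted while the session is live
$store->logout($sid);                      // owner logs out: server-side record is removed
var_dump($store->check($sid, 1120));       // the copy no longer maps to any session
```

Encryption hides the cookie's contents from whoever reads the file; only the server-side record, with its idle limit and logout, bounds how long a copy stays useful.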