Wouldn’t it be pretty useless to store this information depending on the session? OK, if you use the values only for that session then it is useful. Hence you could not provide such things like login remembrance… or am I wrong?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ala'a Ibrahim

Got it, a friend had solved it: with every page I would send a secret code, generated from a lot of things including a random thing, and stored in the session, so if somebody steals all the cookies, he also needs to know what this code is, which is only transmitted through an https connection. I guess this would solve the thing.

On 2/28/06, zaid emeish <[EMAIL PROTECTED]> wrote:

The security level you seek is relevant to the importance of the data you are protecting, so if you are protecting things that are recoverable and not that much of a risk you don't need to go far with protection, but if you are protecting data like credit card numbers and social security numbers you might want to ask for the username and password before seeing this page, just like Amazon; they let you shop on their site but when it comes to payment they require a new login. And a good practice I saw is that if the person is idle for a certain amount of time (e.g. not clicking or doing any action) you can terminate the session and require a new login. There are lots of things you can do but they can be expensive on the application or usability, so you really need to know what you are protecting and how far you want to go with that.

On 2/28/06, Anubis HH <[EMAIL PROTECTED]> wrote:
_______________________________________________ Jordan PHP Users Group http://php.jolug.org/ Php mailing list [email protected] http://mail.jolug.org/mailman/listinfo/php_jolug.org
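
The per-page secret code and the idle timeout discussed in the thread, as an added example that is not code from any of the posters: a random code is stored in the session, must come back with the next request, and is replaced on every successful check. The function names, the array keys, the 900-second limit and the use of a plain array in place of `$_SESSION` are assumptions made so the sketch runs from the command line.

```php
<?php
declare(strict_types=1);

// Added illustration; names, keys and the limit below are assumptions.
const IDLE_LIMIT_SECONDS = 900;

/** Create a fresh random code, store it in the session, return it for the page. */
function issue_page_code(array &$session, int $now): string
{
    $code = bin2hex(random_bytes(32));      // CSPRNG output, 64 hex characters
    $session['page_code'] = $code;
    $session['last_seen'] = $now;
    return $code;
}

/**
 * Validate the code sent back with a request. Returns the next code on
 * success, or null when the session is ended and a new login is required.
 */
function check_page_code(array &$session, string $presented, int $now): ?string
{
    $expected = $session['page_code'] ?? '';
    $lastSeen = $session['last_seen'] ?? 0;
    $idle     = ($now - $lastSeen) > IDLE_LIMIT_SECONDS;

    // hash_equals compares in constant time, so timing does not leak the code.
    if ($idle || $expected === '' || !hash_equals($expected, $presented)) {
        $session = [];                      // drop all session state
        return null;
    }
    return issue_page_code($session, $now); // rotate: each code is accepted once
}

// Constructed walk-through.
$session = [];
$t0      = 1141128000;                      // constructed timestamp
$code1   = issue_page_code($session, $t0);
$code2   = check_page_code($session, $code1, $t0 + 60);   // legitimate request
$replay  = check_page_code($session, $code1, $t0 + 120);  // old code presented again

$session = [];
$code3   = issue_page_code($session, $t0);
$late    = check_page_code($session, $code3, $t0 + 1000); // idle past the limit

var_dump($code2 !== null, $replay, $late);
```

Rotating the code on every request means a second browser tab or the back button will present a stale code and end the session, so the strictness has a usability cost. The code only adds protection if the pages carrying it are served over HTTPS and the session cookie itself is set with the Secure and HttpOnly flags.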
