Hi All,
Ala'a Ibraheem daroori call me on my number good business for you!!
0788663010 or 0777485068
Malik Shishtawi
AS SOON AS POSSIBLE
best Regards,
Malik Shishtawi
General Manager
MyTekPlus | Training & IT Solutions
>
>----- Original Message -----
>From: Jordan PHP User Group Mailing list "[email protected]"
>To: Jordan PHP User Group Mailing list "[email protected]"
>Date: 2006-02-28
>Subject: Re: [JoPHP] Cookies Security Threats with IE
>
>I thought of that, but the thing that I mentioned an Internet Cafe is that the same 2 computers has the IP address for me, so I cannot differantiate the 2 computers for me, so for me these 2 users are like they are on the same machine.
>I thought of another thing, it generating some string (using md5) and store it in the session, and put something that is related to this string in another cookie, but the one who stole the session cookie, can also steal this one, it's not hard for him, he can get all the cookies related to my domain and set them on his computer.
>So I guess there is no ultimate solution to this problem, for every solution, I got a crack for it, or some problems that limits me from providing my sevice to a lot of other users.
>
>
On 2/28/06, Anubis HH <[EMAIL PROTECTED]> wrote:
What you could do is that you could store some sort of
>a hash on the server9 e.g. md5.
>
>On login you build this hash, and on every other
>request you rebuild that hash and check it with the
>original value. The hash could be built from the IP &
>user Agent & whatever you have on mind. It would be
>very hard for two computers to have all these
>identical.
>
>BUT! i recommend againt this, since people using
>clustered proxies will not be able to use your
>application. Clustered proxies tend to change the IP &
>user agent on every request. This means that you
>shouldn't even protect the session with an IP address.
>
>Ammar
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
>
>_______________________________________________
>Jordan PHP Users Group
>http://php.jolug.org/
>Php mailing list
>[email protected]
>http://mail.jolug.org/mailman/listinfo/php_jolug.org
>
Best wishes..
Malik I. Shishtawi
[EMAIL PROTECTED]
Mobile: +962-7 88 66 30 10
==========================================================
Founder & G.Manager of Jordan Youth Network (Shababgp.com).X
Senior Sales Excutive - Exceed Training & IT S
_________________________________________________
أعباؤك كثيرة؟ ولا تملك الوقت الكافي لتطالع هنا وهناك؟ لا تذهب بعيداَ، ما عليك إلا أن تسجّل في مجلة الموضة والحياة الإلكترونية، مجلة أسبوعية مجّانيّة!!
http://www.maktoob.com/fashion
_______________________________________________ Jordan PHP Users Group http://php.jolug.org/ Php mailing list [email protected] http://mail.jolug.org/mailman/listinfo/php_jolug.org
