Re: [PHP] Using Cookies Securely

2003-06-01 Thread Dustin Mitchell
On Fri, May 30, 2003 at 11:01:26PM -0700, Evan Nemerson wrote:
> Send a session ID to the user in a cookie, then look up that ID in a database
> on the server. It's extremely difficult to guess random session IDs (don't
> just increment them!), and if you have a session timeout, you're pretty much
> set.

That's true, and it is what most people do, but if you think about it the
session ID is then functionally equivalent to a crypt'd password for the
duration of your session; that is, either one allows you access to the site.
So if you were worried about folks sniffing an encrypted password and using
it to log in, you should be equally worried about folks sniffing a session ID
and using *it* to log in.

Dustin

-- 

  Dustin Mitchell
  [EMAIL PROTECTED]/[EMAIL PROTECTED]
  http://people.cs.uchicago.edu/~dustin/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
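
The scheme discussed in this message (random session ID in a cookie, server-side lookup, timeout), together with cookie attributes that keep the ID off unencrypted connections, as an added example that is not code from either poster. It assumes PHP 7.3 or later; the cookie name `sid`, the 900-second timeout, the user name and the in-memory `$sessions` array standing in for the database are all hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the server-side session table (a real site would use a database).
$sessions = [];

// Issue an unguessable ID: 32 bytes from the OS CSPRNG, never an incrementing counter.
function issue_session(array &$store, string $user, int $now, int $ttl = 900): string
{
    $id = bin2hex(random_bytes(32));
    $store[$id] = ['user' => $user, 'expires' => $now + $ttl];
    return $id;
}

// Look up the ID a client presented; unknown or timed-out IDs yield null.
function lookup_session(array &$store, string $id, int $now): ?string
{
    if (!isset($store[$id])) {
        return null;
    }
    if ($store[$id]['expires'] <= $now) {
        unset($store[$id]);   // session timeout: drop the row so the ID is dead
        return null;
    }
    return $store[$id]['user'];
}

// 'secure' makes the browser send the cookie over HTTPS only, so the ID does not
// cross the network in clear text; 'httponly' hides it from page scripts.
function send_session_cookie(string $id, int $expires): bool
{
    return setcookie('sid', $id, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

$now = time();
$id  = issue_session($sessions, 'alice', $now);
if (PHP_SAPI !== 'cli') {
    send_session_cookie($id, $now + 900);   // web request: hand the ID to the browser
}
var_dump(lookup_session($sessions, $id, $now + 60));             // inside the timeout window
var_dump(lookup_session($sessions, $id, $now + 901));            // past the timeout
var_dump(lookup_session($sessions, str_repeat('0', 64), $now));  // ID that was never issued
```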



[PHP] Function result is an array

2003-05-31 Thread Dustin Mitchell
I briefly tried searching the archives for this, but there aren't any handy
keywords, so I didn't find anything.  Why can't I do this:

$year = getdate($timestamp)['year'];

(syntax error) while I can do this:

$temp = getdate($timestamp);
$year = $temp['year'];

and is there a way to combine the above into one statement, however
ungainly?

This doesn't just happen with getdate -- it happens with any function
returning an array.  I'm using PHP 4.1.2.

Dustin

-- 

  Dustin Mitchell
  [EMAIL PROTECTED]/[EMAIL PROTECTED]
  http://people.cs.uchicago.edu/~dustin/
