James A. Donald wrote:
--
On 12 Jun 2003 at 16:25, Steve Schear wrote:
http://www.acros.si/papers/session_fixation.pdf
Wow.
This flaw is massive, and the biggest villain is the server
side code created for Apache.
When you log in to your bank, your e-gold account, your
--
James A. Donald wrote:
This flaw is massive, and the biggest villain is the server
side code created for Apache.
Ben Laurie
This isn't the case. I analysed several sites I work on for
attacks of the type described when this paper first came out.
None of them were vulnerable.
In
--
On 14 Jun 2003 at 21:42, Ben Laurie wrote:
The obvious answer is you always switch to a new session
after login. Nothing cleverer is required, surely?
I had dreamed up some rather complicated solutions.
--digsig
James A. Donald
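
The fix discussed in this thread, switching to a new session after login, shown as an added example that is not part of the original messages or of any server's own code. The SessionStore class, its method names and the user name are hypothetical, and credential checking is assumed to have happened before login() is called.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> session data

    def new_session(self):
        # IDs are always generated by the server, never adopted from the client.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        # An unknown ID is not a session; nothing is created for it.
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def login(self, old_sid, user):
        """Call only after the credentials were verified. Returns the new ID."""
        # Drop the pre-login session so that its ID can never become authenticated,
        # whoever else happens to know it.
        self._sessions.pop(old_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid


def demo():
    store = SessionStore()
    # ID issued before login; assume a third party may have learned or set it.
    pre_login_sid = store.new_session()
    # Constructed user name; the server sends only the new ID back in the cookie.
    post_login_sid = store.login(pre_login_sid, "alice")
    return {
        "rotated": post_login_sid != pre_login_sid,
        "old_id_user": store.user_for(pre_login_sid),
        "new_id_user": store.user_for(post_login_sid),
    }


if __name__ == "__main__":
    print(demo())
```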