> -Original Message-
> From: Christopher Ostmo [mailto:[EMAIL PROTECTED]]
>
> Ian Bagley pressed the little lettered thingies in this order...
>
> > One thing which would prevent hijacks from simply guessing SIDS
> would be to
> > add a
One thing which would prevent hijacks from simply guessing SIDS would be to add an md5
hash to the end of a url
e.g.
If a page was:- doit.php?item=4&SID=237478
then append the url with the md5 of the url PLUS a secret key generated at the
begining of each session:-
i.e. add MD5("d
2 matches
Mail list logo