"Ian Bagley" <[EMAIL PROTECTED]> writes:
> Indeed, SSL is the only way to properly protect from 'stealing' a
> SID, but still, the MD5 solution does tend to protect the integrity
> of the query string.
Yes, I like the MD5 trick very much. It seems that if using Cookies
and POST employing
> -Original Message-
> From: Christopher Ostmo [mailto:[EMAIL PROTECTED]]
>
> Ian Bagley pressed the little lettered thingies in this order...
>
> > One thing which would prevent hijacks from simply guessing SIDS would be to
> > add an md5 hash to the end of a url
> >
Ian Bagley pressed the little lettered thingies in this order...
> One thing which would prevent hijacks from simply guessing SIDS would be to
> add an md5 hash to the end of a url
>
> e.g.
>
> If a page was:- doit.php?item=4&SID=237478
>
> then append the url with the md5 of the url PLUS
One thing which would prevent hijacks from simply guessing SIDS would be to add an md5
hash to the end of a url
e.g.
If a page was:- doit.php?item=4&SID=237478
then append the url with the md5 of the url PLUS a secret key generated at the
beginning of each session:-
i.e. add MD5("d