Re: [LUG] PHP Session problems

 

James Fidell wrote:
> Anton Channing wrote:
> 
>> But what if you've revoked the user's admin
>> privileges in the meantime?  They will still
>> have an active cookie.  Your method is
>> insecure.

> Or what if a user decides to give themselves admin
> privileges by hacking the cookie to change their
> user type?  OK, so they'd have to guess the exact
> string, but it's not exactly difficult, is it?

I suspected that might also be possible
but that really stretched my knowledge about
cookies!

Thanks for expanding my point on this one!

Anton

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
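
The two problems raised in this thread (a cookie that still says "admin" after the privilege was revoked, and a user editing the user type in their own cookie), shown beside a server-side lookup. This is an added example, not code from the original posts; the cookie field `user_type`, the `$users` table and both function names are assumptions, since the original poster's code is not shown on this page.

```php
<?php
// Constructed sample data: a server-side user table (stands in for a database).
$users = [
    'alice' => ['role' => 'admin'],
    'bob'   => ['role' => 'user'],
];

// Weak pattern discussed in the thread: trust the role stored in the cookie.
// Everything in $cookie is supplied by the client (hypothetical field name).
function is_admin_from_cookie(array $cookie): bool
{
    return ($cookie['user_type'] ?? '') === 'admin';
}

// Safer pattern: the client only holds an opaque session id; $session is
// server-side state (what $_SESSION would hold). The role is looked up on
// every request, so edits by the client and revocations both take effect.
function is_admin_from_server(array $session, array $users): bool
{
    $name = $session['username'] ?? null;
    if ($name === null || !isset($users[$name])) {
        return false; // unknown or deleted user: deny
    }
    return $users[$name]['role'] === 'admin';
}

// Case 1: bob edits his own cookie to claim the admin user type.
$bobCookie  = ['username' => 'bob', 'user_type' => 'admin']; // client-controlled
$bobSession = ['username' => 'bob'];                          // server-side
echo "bob, cookie check: ";
var_dump(is_admin_from_cookie($bobCookie));
echo "bob, server check: ";
var_dump(is_admin_from_server($bobSession, $users));

// Case 2: alice's admin privilege is revoked while her old cookie is still live.
$aliceCookie  = ['username' => 'alice', 'user_type' => 'admin'];
$aliceSession = ['username' => 'alice'];
$users['alice']['role'] = 'user'; // revocation happens server-side
echo "alice, cookie check: ";
var_dump(is_admin_from_cookie($aliceCookie));
echo "alice, server check: ";
var_dump(is_admin_from_server($aliceSession, $users));
```

In both cases the cookie-based check and the server-side check disagree, and only the server-side result reflects the current contents of the user table.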