On Friday 11 May 2007 08:02, Anton Channing wrote:
> James Fidell wrote:
> > Anton Channing wrote:
> >> But what if you've revoked the user's admin
> >> privileges in the meantime? They will still
> >> have an active cookie. Your method is
> >> insecure.
> >
> > Or what if a user decides to give themselves admin
> > privileges by hacking the cookie to change their
> > user type? OK, so they'd have to guess the exact
> > string, but it's not exactly difficult, is it?
>
> I suspected that might also be possible
> but that really stretched my knowledge about
> cookies!
>
> Thanks for expanding my point on this one!
>
> Anton

http://www.w3schools.com/php/php_sessions.asp of any use?

Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
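
The two problems raised in this thread (a role kept in a cookie survives revocation, and the user can edit it), shown next to a server-side check, as an added example that is not part of the original messages. The cookie name `usertype`, the `$users` array standing in for a user table, and the function names are assumptions made for illustration.

```php
<?php
// Constructed stand-in for the site's user table (assumption: a real
// application would query its database here).
$users = [
    'alice' => ['role' => 'admin'],
    'bob'   => ['role' => 'user'],
];

// INSECURE: the role travels in a cookie, which the browser owner can
// edit and which keeps its old value after the role is revoked.
function is_admin_from_cookie(array $cookies): bool
{
    return ($cookies['usertype'] ?? '') === 'admin';
}

// SAFER: the session records only who is logged in; the role is read
// from the server-side record on every request. In a real page,
// $session would be $_SESSION after session_start().
function is_admin_from_session(array $session, array $users): bool
{
    $name = $session['username'] ?? null;
    if (!is_string($name) || !isset($users[$name])) {
        return false; // not logged in, or the account no longer exists
    }
    return $users[$name]['role'] === 'admin';
}

// Case 1: bob edits his own cookie. The cookie check believes him;
// the session check ignores the cookie and looks up bob's real role.
$bobCookies = ['usertype' => 'admin'];
$bobSession = ['username' => 'bob'];
var_dump(is_admin_from_cookie($bobCookies));
var_dump(is_admin_from_session($bobSession, $users));

// Case 2: alice's admin role is revoked while she is still logged in.
// Her old cookie is unchanged, but the next server-side lookup sees
// the new role.
$aliceCookies = ['usertype' => 'admin'];
$aliceSession = ['username' => 'alice'];
$users['alice']['role'] = 'user';
var_dump(is_admin_from_cookie($aliceCookies));
var_dump(is_admin_from_session($aliceSession, $users));
```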