[nycphp-talk] Session security: protecting against hijacking attempts POSSIBLE SOLUTION
Rolan Yang
rolan at omnistep.com
Wed Dec 22 21:40:16 EST 2004
If you are really concerned about hijacking and security then the web
pages should be fetched/served over SSL.
~Rolan
Eric Rank wrote:
>After thinking hard about what's involved with session hijacking, one
>thing seemed to be the lynchpin in attacks, the session id. If an
>attacker knows the session id, he can hijack the victim's session.
>
>
>
More information about the talk
mailing list