[nycphp-talk] Experts help needed (Sessions)

Anirudh Zala (Gmail) arzala at gmail.com
Sat Aug 6 00:39:55 EDT 2005


Joseph,

From the point of view of learning a good/new technique, it is good that you are learning to generate this kind of hard-to-break session key, but from a real-world point of view there is not much difference between PHP's standard session and your custom-made one. This is a situation where you are making your existing lock bigger, stronger and harder to break, but the way to break/open it remains the same: the key is hanging near your lock, so anybody who knows how to open it can open it easily. I am pointing at spoofing of session IDs through analyzing the network or by other methods. In that sense, no matter how much stronger you make your lock, there remains the same key to open it. So you may think in both directions: lock as well as key.

Thanks

Anirudh Zala
  ----- Original Message ----- 
  From: Joseph Crawford 
  To: NYPHP Talk 
  Sent: Thursday, August 04, 2005 7:13 PM
  Subject: Re: [nycphp-talk] Experts help needed (Sessions)


  Dan,

  Thanks for pointing this out. I just thought that basing the identifier on more than just the client's stuff would help a bit, but I guess you're right, the server stuff really won't make a difference. I would incorporate time(), but then when I compare they won't be the same since I will have to re-generate the ID, that is, unless I use the ses_start time, which never changes.

  I have some ideas I am going to flow with, thanks... :)

  -- 
  Joseph Crawford Jr.
  Codebowl Solutions, Inc.
  1-802-671-2021
  codebowl at gmail.com 

