Friday, 10 July 2009
PHP Session Security
I found a list of problems with PHP sessions you should know about. Of course you can steal someone's session if you have their session id, because the session is not bound to an IP address.
Perhaps unexpected is that you can get this id not only by sniffing traffic but also with XSS, by reading out the cookie and loading an image from another server. More surprisingly, you can even force a user to use a session id you already know by sending them a link containing that id (session fixation): the server accepts the id and keeps using it. To prevent this, generate a new id during login using session_regenerate_id().
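A login handler that applies the mitigation from the post, added here as an example (not code from the original post); it assumes PHP 7.3 or later, a hypothetical $users array standing in for a real user store, and a constructed password hash.

```php
<?php
// Added example (not from the original post): hardening a PHP login against
// session fixation and cookie theft. $users is a hypothetical stand-in for a
// real user store; the hash it holds is constructed for this example.

// 1. Refuse session ids the server did not issue itself (blocks the
//    "link with an id" fixation vector). Needs PHP >= 5.5.2.
ini_set('session.use_strict_mode', '1');
// 2. Accept the id from the cookie only, never from the URL.
ini_set('session.use_only_cookies', '1');
// 3. Keep the cookie away from document.cookie (limits XSS read-out) and
//    off plaintext HTTP (limits sniffing). Array form needs PHP >= 7.3.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // false only on a plain-HTTP development box
    'samesite' => 'Lax',
]);
session_start();

/** Returns true on a successful login; the session id is rotated on success. */
function login(array $users, string $username, string $password): bool
{
    if (!isset($users[$username])
        || !password_verify($password, $users[$username])) {
        return false;
    }
    // The key step from the post: issue a fresh id at the privilege change,
    // so an id known to an attacker before login never becomes the
    // logged-in id. `true` also deletes the old session data on the server.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Constructed user store: the password "correct horse" hashed with bcrypt.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = login($users, $_POST['username'] ?? '', $_POST['password'] ?? '');
    http_response_code($ok ? 200 : 401);
    echo $ok ? "logged in as {$_SESSION['user']}" : 'login failed';
}
```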
Thursday, 9 July 2009
Denglisch
Ah, my blog is quite a mess of English and German. I will probably have to add tags saying which post is in which language...
PHP Top 5 Security Problems
If you are programming in PHP, you should have read this page about the most common security problems in PHP and how to avoid them.
Wednesday, 8 July 2009
ToDo List
Stephan has found a great ToDo list manager.
Yes, I don't need Twitter to make short posts...
Monday, 6 July 2009
Advanced Firefox Plugins
I found this page with a lot of interesting plugins: http://firecat.intern0t.net/
Please leave a comment saying which one you like!
Wednesday, 1 July 2009
Thunderbird Add-on
Quicktext inserts text snippets, which also lets you set up different signatures.
Accountex imports and exports account settings.
Quick Folder shows the most important folders as tabs.
Google Contacts synchronises contacts with a Gmail account.