Friday, 10 July 2009

PHP Session Security

I found a list of problems with PHP sessions you should know about. Of course you can steal someone's session if you have his session id, because it's not IP based.
What may be unexpected is that you can get this id not only by sniffing traffic but also with XSS, by reading out the cookie and loading an image from another server. More surprisingly, you can even force a user to use a session id you already know by sending him a link with an id. The server recognises the id and keeps using it. To prevent this, just generate a new id during login using session_regenerate_id().
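
The fix described above, as an added example that is not part of the original post: a login handler that issues a fresh session id on successful login, with session settings that also address the URL-supplied id and the cookie read-out. The user store, the function names and the demo password are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical user store, constructed for this example only.
function demo_users(): array
{
    return ['alice' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
}

function start_hardened_session(): void
{
    session_start([
        'use_strict_mode'  => 1, // reject session ids the server did not issue itself
        'use_only_cookies' => 1, // never accept an id passed in a link (?PHPSESSID=...)
        'use_trans_sid'    => 0, // never append the id to generated links
        'cookie_httponly'  => 1, // keep the cookie out of document.cookie (XSS read-out)
        'cookie_secure'    => 1, // send the cookie over HTTPS only (traffic sniffing)
    ]);
}

function login(string $user, string $password): bool
{
    $hash = demo_users()[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // The step named in the post: discard whatever id the visitor arrived
    // with and issue a new one. Passing true also deletes the old session
    // data, so the pre-login id is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    return true;
}

start_hardened_session();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Only accept scalar string fields; anything else counts as empty.
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $ok = login($user, $pass);
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'logged in' : 'login failed';
}
```

With cookie_secure enabled the session cookie is only sent over HTTPS, so the handler has to be served over TLS for the login to persist.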


Thursday, 9 July 2009


Ah, there is quite a mess of English and German here on my blog. I will probably have to add tags showing what is in which language...


PHP Top 5 Security Problems

If you are programming in PHP you should have read this page about the most common security problems in PHP and how to avoid them.


Wednesday, 8 July 2009

ToDo List

Stephan found a great ToDo List Manager.

Yes, I don't need Twitter to make short posts...


Monday, 6 July 2009

Advanced Firefox Plugins

I found this page with a lot of interesting plugins.
Please leave a comment saying which one you like!


Wednesday, 1 July 2009

Thunderbird Add-on

Quicktext inserts text snippets, which also lets you set up different signatures.
Accountex imports and exports account settings.
Quick Folder: overview of the most important folders as tabs.
Google Contacts: synchronises contacts with a Gmail account.
