Re: [Maypole] Auto Increment Primary Keys (and Documentation)

From: Perrin Harkins (perrin at elem.com)
Date: Sat Jan 29 2005 - 02:46:44 GMT


On Fri, 2005-01-28 at 18:07 -0700, Gordon Haverland wrote:
> Do
> you have suggestions of other information which can be used to
> "brand" a session?

Well, what are you trying to do? If you want to avoid people tampering
with the contents of your cookie or making up their own session IDs, an
HMAC is all you need. If you're trying to keep people from packet
sniffing cookies and using them, nothing short of SSL will be enough.
Using things like IP and User-Agent is a false-confidence builder if
you're dealing with someone sophisticated enough to steal cookies with a
packet sniffer.

- Perrin

_______________________________________________
maypole mailing list
maypole at lists.netthink.co.uk
http://lists.netthink.co.uk/listinfo/maypole
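
The distinction drawn in the reply above, as an added example that is not part of the original message or of Maypole: an HMAC over the session ID rejects edited or made-up cookies, but a byte-for-byte copy of a valid cookie still verifies, which is why only SSL addresses sniffing. It is written in Python for illustration; `SECRET_KEY`, `sign_session`, `verify_session`, `demo` and the session IDs are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a random key generated and kept on the server only.
SECRET_KEY = secrets.token_bytes(32)


def sign_session(session_id: str, key: bytes = SECRET_KEY) -> str:
    """Return a cookie value of the form '<session_id>.<hex HMAC-SHA256>'."""
    tag = hmac.new(key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def verify_session(cookie: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the session ID if the tag is valid, otherwise None."""
    session_id, sep, tag = cookie.rpartition(".")
    if not sep or not session_id:
        return None  # malformed: no separator or empty ID
    expected = hmac.new(key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    if hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
        return session_id
    return None


def demo() -> dict:
    """Constructed scenario: issue one cookie, then present four variants."""
    issued = sign_session("a3f1c9e07b52")  # constructed session ID
    _, tag = issued.rsplit(".", 1)
    return {
        "genuine": verify_session(issued),
        # ID edited by the client; the old tag no longer matches.
        "tampered_id": verify_session(f"a3f1c9e07b53.{tag}"),
        # ID and tag both made up without knowledge of the key.
        "made_up": verify_session("deadbeef0000." + "0" * 64),
        # Exact copy of the cookie as it would appear on an unencrypted
        # connection: the server cannot tell it from the original.
        "copied": verify_session(str(issued)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12s} -> {result}")
```
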



This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:58 GMT