Re: [WebDNA] Secure Cookies

This WebDNA talk-list message is from 2009. It keeps the original formatting.
Sorry, hit send too early.

The hacker would have to generate sessionIDs - basically generate duplicate carts - and then keep throwing them at a server hoping to match the legitimate sessionID of a logged-in user.

I had thought of two users logged in with the same sessionID before but had to stop checking for multiple IPs due to problems with users in some corporate environments. I can see your point though - so I think I'll start encrypting the sessionID ;-)

I still figure if there's ever a hack it will be because a client is loose with their username/password!

Take care
- Tom
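
An added example, not part of Tom's message and not WebDNA code: a Python sketch of the defensive side of the guessing scenario the message describes. It uses randomly generated sessionIDs rather than the encryption the message mentions, accepts a live session from any address (the corporate-environment problem), and counts unknown sessionIDs per source for alerting. `SessionStore`, `MAX_MISSES`, the 128-bit ID size and the sample addresses are assumptions.

```python
import math
import secrets
from collections import defaultdict

ID_BYTES = 16    # assumed size: 128 bits from the OS CSPRNG
MAX_MISSES = 5   # hypothetical alert threshold of unknown IDs per source


def guess_odds_log2(id_bits, live_sessions, guesses):
    """log2 of the upper bound guesses * live_sessions / 2**id_bits."""
    return math.log2(guesses) + math.log2(live_sessions) - id_bits


class SessionStore:
    def __init__(self):
        self.sessions = {}               # sessionID -> username
        self.misses = defaultdict(int)   # source address -> unknown IDs presented

    def login(self, username):
        sid = secrets.token_hex(ID_BYTES)  # random, not derived from cart or user data
        self.sessions[sid] = username
        return sid

    def lookup(self, sid, source):
        """Return the username for a live sessionID, else None.

        The source address only feeds the miss counter. A live session is
        accepted from any address, so users whose corporate proxy changes
        their IP between requests stay logged in.
        """
        user = self.sessions.get(sid)
        if user is None:
            self.misses[source] += 1
        return user

    def suspects(self):
        """Sources that presented MAX_MISSES or more unknown sessionIDs."""
        return sorted(s for s, n in self.misses.items() if n >= MAX_MISSES)


def demo():
    # Constructed sample traffic; addresses are documentation ranges.
    store = SessionStore()
    sid = store.login("alice")
    same_user = [store.lookup(sid, ip) for ip in ("198.51.100.7", "198.51.100.8")]
    for _ in range(MAX_MISSES):
        store.lookup(secrets.token_hex(ID_BYTES), "203.0.113.9")
    return same_user, store.suspects()


if __name__ == "__main__":
    print(demo(), round(guess_odds_log2(128, 1000, 10**9), 1))
```

With 1,000 live sessions and a billion guesses, the chance of hitting any live 128-bit sessionID stays below 2^-88, while the source doing the guessing shows up in `suspects()` after a handful of misses.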


Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  23. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  24. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  27. Re: [WebDNA] Secure Cookies (Govinda 2009)
  28. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  29. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  30. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  31. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  32. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  33. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  34. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  35. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  36. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  37. [WebDNA] Secure Cookies (Stuart Tremain 2009)
Tom Duke
