Re: [WebDNA] Secure Cookies

This WebDNA talk-list message is from 2009.


Sorry, hit send too early

The hacker would have to generate sessionIDs - basically generate duplicate carts - and then keep throwing them at a server hoping to match the legitimate sessionID of a logged in user.

I had thought of two users logged in with the same sessionID before but had to stop checking for multiple IPs due to problems with users in some corporate environments. I can see your point though - so I think I'll start encrypting the sessionID ;-)

I still figure if there's ever a hack it will be because a client is loose with their username/password!

Take care
- Tom
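
An added illustration of the two points in the message above, not code from the thread or from WebDNA: how the odds of matching a live sessionID depend on its length, and a session store that flags a session seen from a new address instead of rejecting it, while counting unknown IDs per client as a guessing signal. `SessionStore`, `match_probability`, the thresholds and the documentation-range IP addresses are hypothetical.

```python
import secrets
from collections import defaultdict, deque


def match_probability(id_bits, live_sessions, guesses):
    """Upper bound on the chance that any of `guesses` random IDs hits a live session."""
    return min(1.0, guesses * live_sessions / 2 ** id_bits)


class SessionStore:
    """In-memory session table (hypothetical; thresholds are assumptions)."""
    MAX_MISSES = 5     # unknown IDs tolerated per client address...
    WINDOW = 60.0      # ...within this many seconds

    def __init__(self):
        self.sessions = {}                 # session ID -> {"user", "ips"}
        self.misses = defaultdict(deque)   # client address -> times of unknown IDs

    def create(self, user, ip):
        sid = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        self.sessions[sid] = {"user": user, "ips": {ip}}
        return sid

    def lookup(self, sid, ip, now):
        """Return (status, user); `now` is a timestamp in seconds."""
        sess = self.sessions.get(sid)
        if sess is None:
            q = self.misses[ip]
            q.append(now)
            while now - q[0] > self.WINDOW:    # drop misses older than the window
                q.popleft()
            status = "guessing" if len(q) > self.MAX_MISSES else "unknown"
            return (status, None)
        if ip not in sess["ips"]:
            # Hard IP pinning breaks users whose requests leave through several
            # proxy addresses, so allow the request but surface it for logging.
            sess["ips"].add(ip)
            return ("new_ip", sess["user"])
        return ("ok", sess["user"])


if __name__ == "__main__":
    print(match_probability(32, 1000, 10**6))    # short IDs: guessing is practical
    print(match_probability(256, 1000, 10**6))   # 256-bit IDs: effectively zero
    store = SessionStore()
    sid = store.create("alice", "203.0.113.5")   # constructed sample data
    print(store.lookup(sid, "198.51.100.9", now=1.0))
```

The miss counter is keyed by client address, so many users behind one shared address feed the same counter; treat "guessing" as an alerting signal and tune the threshold accordingly.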


Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  23. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  24. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  27. Re: [WebDNA] Secure Cookies (Govinda 2009)
  28. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  29. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  30. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  31. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  32. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  33. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  34. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  35. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  36. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  37. [WebDNA] Secure Cookies (Stuart Tremain 2009)
Tom Duke
