> Ooh, and here's a good question. Once I get it to the client, how can I
> make sure that it wasn't hijacked via man-in-the-middle or a sniffer on the
> client end?
>
> I used to use REMOTE_IP and REMOTE_USERAGENT stored on server end and
> compare to the value sent from the user. But I need a way to ensure that
> the cookie wasn't grabbed on the way etc. now...
>
> Ryan

Use HTTPS. Anything else will require serious bodging.

Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/

This archive was generated by hypermail 2b30 : Sat Jan 12 2002 - 08:17:51 PST