RE: CSS, CSS & let me give you some more CSS

From: infoat_private
Date: Fri Feb 01 2002 - 08:08:59 PST


    If you use the IP address for the session cookie, an attacker
    can't use a stolen cookie.
    However, you can't use the IP address when BGP or a proxy is used.
    In this case the best protection is to change the session cookie
    for each transaction using a transaction counter.
    This will provide transaction non-repudiation.
    If such a session cookie is stolen and used by a hacker prior
    to the user, then the user's session will be blown away.
    
    Mike
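
An added example, not part of the original message: a minimal server-side sketch of the per-transaction cookie rotation described above. The class name, the `sid:counter:tag` cookie layout, the HMAC tag and the policy of destroying the whole session when a spent cookie reappears are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class RotatingSessions:
    """Hypothetical server-side store: a fresh cookie for every transaction."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # MAC key, never leaves the server
        self._sessions = {}                  # sid -> {"user": str, "counter": int}

    def _cookie(self, sid, counter):
        msg = f"{sid}:{counter}".encode()
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return f"{sid}:{counter}:{tag}"

    def login(self, user):
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"user": user, "counter": 0}
        return self._cookie(sid, 0)

    def transact(self, cookie):
        """Return (user, next_cookie), or (None, None) if the cookie is rejected."""
        try:
            sid, counter_s, _tag = cookie.split(":")
            counter = int(counter_s)
        except ValueError:
            return None, None
        expected = self._cookie(sid, counter)
        if not hmac.compare_digest(cookie.encode(), expected.encode()):
            return None, None                # forged or altered: ignore
        state = self._sessions.get(sid)
        if state is None:
            return None, None                # session already destroyed
        if counter != state["counter"]:
            # Authentic but already spent: two parties hold this session's
            # cookies. Assumed policy: destroy the session for both.
            del self._sessions[sid]
            return None, None
        state["counter"] += 1
        return state["user"], self._cookie(sid, state["counter"])


if __name__ == "__main__":
    store = RotatingSessions()
    stolen = store.login("alice")            # constructed scenario: cookie copied
    print(store.transact(stolen)[0])         # thief uses it first -> alice
    print(store.transact(stolen))            # real user replays it -> (None, None)
```

A strict counter like this also rejects legitimate parallel requests (two tabs, a retried request), so a deployment has to decide how to treat those before enabling the destroy-on-replay policy.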
    