--- Shaun <[EMAIL PROTECTED]> wrote:
> How could a cookie be changed maliciously?

Cookies are sent by the client, so hopefully that alone illustrates the
danger.

A cookie's value is not guaranteed to be whatever you asked the client to
set. The legitimate users of your site will likely be using a browser that
adheres to your wishes, but those who try to attack your application will
most assuredly not. If there is any way that an alternate value for the
cookie can benefit the attacker in any way, you can be assured that
someone will eventually find out.

Hope that helps.

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
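
As an added example (not part of the message above or of any code from the list), one way a PHP application can detect a cookie value that was changed on the client is to attach an HMAC when issuing the cookie and check it on every request. SECRET_KEY, sign_cookie() and verify_cookie() are hypothetical names, and the cookie contents are constructed sample values.

```php
<?php
// Added example: treat the cookie as untrusted input and detect tampering.
// SECRET_KEY, sign_cookie() and verify_cookie() are hypothetical names.

// Placeholder: in practice a long random value kept only on the server.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Build the cookie string the server sends: base64(value) "." HMAC(value).
function sign_cookie(string $value): string
{
    $mac = hash_hmac('sha256', $value, SECRET_KEY);
    return base64_encode($value) . '.' . $mac;
}

// Return the original value only if the MAC matches; otherwise null.
function verify_cookie(?string $cookie): ?string
{
    // Missing cookie or wrong shape: the client sent something we never issued.
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$encoded, $mac] = explode('.', $cookie);

    $value = base64_decode($encoded, true); // strict mode rejects stray characters
    if ($value === false) {
        return null;
    }

    // Recompute the MAC server-side and compare in constant time.
    $expected = hash_hmac('sha256', $value, SECRET_KEY);
    return hash_equals($expected, $mac) ? $value : null;
}

// Constructed sample values. In a request handler the input would be
// $_COOKIE['prefs'] ?? null rather than a local variable.
$issued = sign_cookie('user_id=42;role=member');

// Same MAC, different payload: what a client that ignores your wishes can send.
$tampered = base64_encode('user_id=42;role=admin') . '.' . explode('.', $issued)[1];

var_dump(verify_cookie($issued));       // the cookie exactly as the server issued it
var_dump(verify_cookie($tampered));     // payload changed on the client, old MAC reused
var_dump(verify_cookie('role=admin'));  // arbitrary client-supplied string
```

Signing only detects modification; it does not hide the value from the client or stop a captured cookie from being sent again.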
