"Ian Bagley" <[EMAIL PROTECTED]> writes:
> Indeed, SSL is the only way to properly protect from 'stealing' a
> SID, but still, the MD5 solution does tend to protect the integrity
> of the query string.
Yes, I like the MD5 trick very much. It seems that if using Cookies
and POST employing
> -Original Message-
> From: Christopher Ostmo [mailto:[EMAIL PROTECTED]]
>
> Ian Bagley pressed the little lettered thingies in this order...
>
> > One thing which would prevent hijacks from simply guessing SIDS
> would be to
> > add an md5 hash to the end of a url
> >
[
Ian Bagley pressed the little lettered thingies in this order...
> One thing which would prevent hijacks from simply guessing SIDS would be to
> add an md5 hash to the end of a url
>
> e.g.
>
> If a page was:- doit.php?item=4&SID=237478
>
> then append the url with the md5 of the url PLUS
3 matches
Mail list logo
