Re: post and php (newbie question)



..oO(The Natural Philosopher)

All other methods
(cookies, GET, POST) expose the data to the client, which makes it easy
to manipulate and requires validation over and over again on every page
that wants to use it.

You don't seem to understand that all a session is, is reducing the data
passed to *ONE* GET, POST or cookie.

Irrelevant here.

You can implement that yourself easily, and probably more securely than
sessions do, e.g. by storing 'session' data in a database.

A simple DB is as secure as a flat file.

Intrinsically all sessions are, is a wrapper round a basic GET or
cookie token passing system, and are not more secure than any other way
that might be implemented.

They are more secure than passing the same data by GET or POST, as I've
already explained.

Client data can never be trusted, while the session container can be
considered a secure environment. Hence it's in many cases the preferred
way for keeping data across several HTTP requests.

You may consider it secure if you want. Excuse me if I consider the
possibility that someone else might easily 'steal' a session.

And what does this have to do with the possibility of manipulating the
actual data? It's the data we're talking about here, nothing else. GET
and POST data is easy to fake, SESSION data is safe. It's that simple.

And stealing a session is not that easy if you do it right.

Micha
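
The point argued above, as an added example that is not part of the original post: input is validated once and kept in $_SESSION instead of travelling back through GET or POST, and the session cookie (the one value the client still holds) is hardened. The field name `quantity`, the `order` and `user_id` keys, the target `confirm.php` and the HTTPS-only assumption are hypothetical; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Harden the one token the client does hold: the session ID cookie.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Step 1: validate the client-supplied value once, then store it server-side.
function store_validated_quantity(array $post): bool
{
    $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($qty === false) {
        return false;         // missing, non-numeric or out of range
    }
    $_SESSION['order'] = ['quantity' => $qty];
    return true;
}

// Step 2 (later pages): read the stored value; the client never sees it again.
function order_quantity(): ?int
{
    return $_SESSION['order']['quantity'] ?? null;
}

// On login or any privilege change: issue a fresh ID and drop the old one.
function mark_logged_in(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_hardened_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!store_validated_quantity($_POST)) {
        http_response_code(400);
        exit('Invalid quantity');
    }
    header('Location: confirm.php'); // hypothetical next page, calls order_quantity()
    exit;
}
```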