Re: [PHP] Session Authentication



On 4/9/07, Peter Lauri <lists@xxxxxxxxxxx> wrote:


> -----Original Message-----
> From: Tijnema ! [mailto:tijnema@xxxxxxxxx]
> Sent: Monday, April 09, 2007 5:38 PM
> To: Martin Marques
> Cc: Ólafur Waage; php-general@xxxxxxxxxxxxx
> Subject: Re: [PHP] Session Authentication
>
> On 4/9/07, Martin Marques <martin@xxxxxxxxxxxxxxx> wrote:
> > Tijnema ! escribió:
> > > On 4/9/07, Martin Marques <martin@xxxxxxxxxxxxxxx> wrote:
> > >>
> > >> Yes:
> > >>
> > >> Don't use transparent session id, or even better, save the
> > >> authentication in a cookie on the client (separated from the session
> > >> array).
> > >
> > > And then the user would crack the cookie ....
> > > I know they are encrypted, but trust me, cookies can be edited.
> >
> > So what? The user authenticated himself, so what is he gonna crack?
> Yes, but I guess you're not only storing if the user has
> authenticated, also storing a username?
>
> And if that's not the case, then you could authenticate by creating a
> cookie where it says authenticated = yes, and you're authenticated...
>
> Tijnema
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

[Peter Lauri - DWS Asia]

If cookies were that unsecured so you could create your own cookies that
easily, then would cookies exist?

Best regards,
Peter Lauri

Cookies are old, so in the time they were introduced, today it is
possible to create and modify cookies with some good tools. These
tools are illegal, but every cracker is 99% illegal right? But that
means I can't give you these tools to prove it, but it is possible.

Tijnema
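
Added example, not part of the original messages: the "authenticated = yes" cookie discussed in the thread, checked naively and then as a server-signed value that fails verification once the client edits it. The key, the function names and the "username|expiry|mac" cookie layout are assumptions made for this illustration.

```php
<?php
// Added illustration, not code from the thread. SECRET_KEY and the
// "username|expiry|mac" layout are assumptions.
const SECRET_KEY = 'constructed-demo-key-load-a-real-one-from-config';

// The check the thread warns about: trusts whatever the browser sends.
function naive_is_authenticated(array $cookies): bool
{
    return ($cookies['authenticated'] ?? '') === 'yes';
}

// Issue a cookie value whose contents are bound to a server-side key.
function issue_auth_cookie(string $username, int $expires): string
{
    // rawurlencode() guarantees the username cannot contain the '|' separator.
    $payload = rawurlencode($username) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the username if the cookie is intact and unexpired, otherwise null.
function verify_auth_cookie(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    return rawurldecode($user);
}

// Constructed sample input standing in for what a browser could send.
$now = 1176100000;
var_dump(naive_is_authenticated(['authenticated' => 'yes']));

$good = issue_auth_cookie('alice', $now + 3600);
$edited = str_replace('alice', 'admin', $good);   // client-side edit of the username
var_dump(verify_auth_cookie($good, $now));
var_dump(verify_auth_cookie($edited, $now));
var_dump(verify_auth_cookie($good, $now + 7200)); // same cookie after its expiry
```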