Re: [LUG] PHP Session problems

 

On Friday 11 May 2007 08:02, Anton Channing wrote:
> James Fidell wrote:
> > Anton Channing wrote:
> >> But what if you've revoked the user's admin
> >> privileges in the meantime?  They will still
> >> have an active cookie.  Your method is
> >> insecure.
> >
> > Or what if a user decides to give themselves admin
> > privileges by hacking the cookie to change their
> > user type?  OK, so they'd have to guess the exact
> > string, but it's not exactly difficult, is it?
>
> I suspected that might also be possible
> but that really stretched my knowledge about
> cookies!
>
> Thanks for expanding my point on this one!
>
> Anton
http://www.w3schools.com/php/php_sessions.asp
of any use?
Tom te tom te tom
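
Added example, not part of any poster's message: the two problems raised in the thread (an edited cookie and a revocation that never reaches a logged-in user) shown against a check that keeps only a user id in the session and looks the role up server-side on every request. The `usertype` cookie name, the `uid` key and the `$users` array are hypothetical; in a real page `$cookie` would be `$_COOKIE` and `$session` would be `$_SESSION` after `session_start()`.

```php
<?php
// Added illustration. All names here are assumptions, not code from the thread.

// Constructed server-side account store standing in for a database table.
$users = [
    17 => ['name' => 'alice', 'role' => 'admin'],
    42 => ['name' => 'bob',   'role' => 'user'],
];

// Weak: the role is read from data the browser controls.
function is_admin_from_cookie(array $cookie): bool
{
    return ($cookie['usertype'] ?? '') === 'admin';
}

// Stronger: the session holds only the user id. The role is looked up
// server-side on each request, so the browser never supplies it and a
// revocation applies to sessions that are already open.
function is_admin_from_session(array $session, array $users): bool
{
    $uid = $session['uid'] ?? null;
    if (!is_int($uid) || !isset($users[$uid])) {
        return false; // not logged in, or the account no longer exists
    }
    return $users[$uid]['role'] === 'admin';
}

// Case 1: bob (an ordinary user) sends a cookie he has edited himself.
echo "edited cookie, cookie check:   ";
var_dump(is_admin_from_cookie(['usertype' => 'admin']));
echo "edited cookie, session check:  ";
var_dump(is_admin_from_session(['uid' => 42], $users));

// Case 2: alice's admin role is revoked while she is still logged in.
$users[17]['role'] = 'user';
echo "after revoke, cookie check:    ";
var_dump(is_admin_from_cookie(['usertype' => 'admin']));
echo "after revoke, session check:   ";
var_dump(is_admin_from_session(['uid' => 17], $users));
```

Run with `php example.php`; the cookie-based check reports admin in both cases, while the session-based check does not.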


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html