Monday, August 11, 2008

Creating a Secure PHP Login Script

http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/

How Does This Work

This is a short explanation of why I have chosen these authentication methods.

Users with shell access to the web server can scan for valid session IDs if the default /tmp directory is used to store the session data.

The protection against this kind of attack is the IP check.

Somebody who has a site on a shared host with you can generate a valid session for your site.

This is why the checkSession method is used and the session id is recorded in the database.

Somebody may sniff network traffic and catch the cookie.

The IP check should eliminate this problem too.
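The three defences above fit into a small piece of session code. The example below is added here and is not the devshed script or anything from the original post; it assumes a PDO connection ($pdo), a `sessions` table with columns user_id, session_id, ip and last_seen, MySQL for the REPLACE INTO syntax, and a private session directory path, all of which are assumptions.

```php
<?php
// Added example, not the original script. Assumes: $pdo is a PDO connection,
// a MySQL table `sessions` (user_id, session_id, ip, last_seen) exists, and the
// directory below is writable by the web server user only.

// 1. Keep session files out of the shared /tmp, so another shell user on the
//    host cannot list them to harvest valid session IDs.
ini_set('session.save_path', '/var/www/example/private/sessions'); // assumed path
ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
ini_set('session.cookie_httponly', '1');  // keep the cookie away from page scripts
session_start();

function login(PDO $pdo, int $userId): void
{
    // Drop whatever ID the client arrived with, so a session minted by another
    // site on the same host is never promoted to an authenticated one.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['ip']      = $_SERVER['REMOTE_ADDR'];

    // 2. Record the session ID server-side; checkSession() trusts only IDs
    //    that appear in this table for this user.
    $stmt = $pdo->prepare(
        'REPLACE INTO sessions (user_id, session_id, ip, last_seen) VALUES (?, ?, ?, NOW())'
    );
    $stmt->execute([$userId, session_id(), $_SERVER['REMOTE_ADDR']]);
}

function checkSession(PDO $pdo): bool
{
    if (empty($_SESSION['user_id'])) {
        return false;
    }

    // 3. The IP check: a cookie replayed from a different address fails here.
    if (($_SESSION['ip'] ?? '') !== $_SERVER['REMOTE_ADDR']) {
        logout($pdo);
        return false;
    }

    // The session ID must also match the one recorded at login; a forged or
    // stale session file in the store is rejected even if it has a user_id.
    $stmt = $pdo->prepare('SELECT ip FROM sessions WHERE user_id = ? AND session_id = ?');
    $stmt->execute([$_SESSION['user_id'], session_id()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['ip'] !== $_SERVER['REMOTE_ADDR']) {
        logout($pdo);
        return false;
    }
    return true;
}

function logout(PDO $pdo): void
{
    // Remove the server-side record so the ID cannot be reused after logout.
    $stmt = $pdo->prepare('DELETE FROM sessions WHERE session_id = ?');
    $stmt->execute([session_id()]);
    $_SESSION = [];
    session_destroy();
}
```

Call login() once the password has been verified and checkSession() at the top of every protected page. The IP check is a heuristic: it does nothing when the attacker shares the victim's public address (same NAT or proxy), and it logs out users whose address changes mid-session, which is why the database record of the session ID and session_regenerate_id() carry most of the weight in this design.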

