[elektro] passing a sid

Fuzesi Arnold arnold.fuzesi.lista at gmail.com
Wed Feb 20 00:28:01 CET 2013


At better places the SID expires and is single-use; you can pass it any way you like,
nobody can do anything with it later... I think you're misunderstanding it a bit.

"A session ID is typically granted to a visitor on his first visit to a site. It 
is different from a user ID in that sessions are typically short-lived (they 
expire after a preset time of inactivity which may be minutes or hours) and may 
become invalid after a certain goal has been met (for example, once the buyer 
has finalized his order, he cannot use the same session ID to add more items).

As session IDs are often used to identify a user that has logged into a website, 
they can be used by an attacker to hijack the session and obtain potential 
privileges. A session ID is often a long, randomly generated string to decrease 
the probability of obtaining a valid one by means of a brute-force search. Many 
servers perform additional verification of the client, in case the attacker has 
obtained the session ID. Locking a session ID to the client's IP address is a 
simple and effective measure as long as the attacker cannot connect to the 
server from the same address."

A.
On 2013.02.19. 22:31, Info wrote:
> Hi all!
>
> I'm pondering how one could pass a SID in an embedded
> web application in such a way that it doesn't get stored as a bookmark.
> So e.g. I put the whole thing in an iframe and the original address
> stays in the program's header, but on a click the passed URL will of course
> be in the header, which I could only swap out with replace, but then it
> would reload the page without the sid...
> I wonder how the OTP portal solves it?
> If I use cookies, it goes along with every HTTP request but doesn't get stored.
> If they're switched off, does it still return the cookies?
>
> Thx!
> Béla
>
> -----------------------------------------
>            elektro[-flame|-etc]
>
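An added example, not code from the thread, in Python: a minimal session store with the properties the quoted paragraph lists (a long random single-use ID, expiry after inactivity, invalidation once the goal is met, binding to the client IP) plus the cookie header that keeps the sid out of the URL and thus out of bookmarks. The TTL, user names and IP addresses are constructed values.

```python
import secrets
import time

# Constructed inactivity window: 15 minutes.
SESSION_TTL = 15 * 60


class SessionStore:
    """In-memory session store; sid -> user, client IP, last activity, done flag."""

    def __init__(self, ttl=SESSION_TTL):
        self.ttl = ttl
        self._sessions = {}

    def create(self, user, client_ip, now=None):
        now = time.time() if now is None else now
        # 32 random bytes (256 bits) make brute-force guessing impractical.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "ip": client_ip,
                               "last_seen": now, "done": False}
        return sid

    def lookup(self, sid, client_ip, now=None):
        """Return the session's user if it is still valid for this client, else None."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        # Expired by inactivity, or its goal was already met: drop it for good.
        if s["done"] or now - s["last_seen"] > self.ttl:
            del self._sessions[sid]
            return None
        # Locked to the client address: a different address is rejected
        # (but the session is kept, so a stray request cannot log the user out).
        if s["ip"] != client_ip:
            return None
        s["last_seen"] = now
        return s["user"]

    def finish(self, sid):
        """Invalidate the session once its goal is met (e.g. the order is finalized)."""
        if sid in self._sessions:
            self._sessions[sid]["done"] = True


def session_cookie_header(sid):
    """Set-Cookie line that sends the sid with every request without putting it in the URL."""
    return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
```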


