in reply to Re: Is this a secure way to prevent cookie tampering
in thread Is this a secure way to prevent cookie tampering
> A cookie should store only a randomly-generated unique ID
Are you suggesting that I should rely on the randomness of the ID to prevent spoofing? Surely storing a serial ID and also a secret unique to the session would be better.
There are also issues with your approach such as the complexity of checking that the ID is unique and also generating unique numbers when the available pool is largely used. Admittedly these would not be issues for low traffic but they do exist.
--tidiness is the memory loss of environmental mnemonics
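
The scheme proposed in this post (a serial ID plus a per-session secret), sketched as an added example that is not code from the thread. The names `new_session`, `load_session`, `random_hex` and `constant_time_eq`, the in-memory `%sessions` store and the `serial:secret` cookie layout are all assumptions made for illustration, and the script assumes a system that provides `/dev/urandom`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed in-memory session store (assumption; a real app would use a database).
my %sessions;
my $next_serial = 1;

# Read $n bytes from the kernel CSPRNG and return them hex-encoded.
sub random_hex {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $n);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return unpack 'H*', $buf;
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# The serial is unique by construction; the 128-bit secret is what resists guessing.
sub new_session {
    my (%data) = @_;
    my $serial = $next_serial++;
    my $secret = random_hex(16);
    $sessions{$serial} = { secret => $secret, data => {%data} };
    return "$serial:$secret";    # value to place in the cookie
}

# Return the session data for a valid cookie, nothing for anything else.
sub load_session {
    my ($cookie) = @_;
    return unless defined $cookie && $cookie =~ /\A(\d+):([0-9a-f]{32})\z/;
    my ($serial, $secret) = ($1, $2);
    my $s = $sessions{$serial} or return;
    return constant_time_eq($secret, $s->{secret}) ? $s->{data} : undef;
}

my $alice = new_session(user => 'alice');    # constructed sample sessions
my $bob   = new_session(user => 'bob');
(my $tampered = $alice) =~ s/\A\d+/2/;       # alice's secret under bob's serial
print "genuine:  ", (load_session($alice)    ? "accepted" : "rejected"), "\n";
print "tampered: ", (load_session($tampered) ? "accepted" : "rejected"), "\n";
```

Because the serial comes from a counter, no uniqueness check is needed when a session is created; the cookie's resistance to guessing rests entirely on the random secret.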