Re: PayPal security flaw
From: Todd H. (comphelp_at_toddh.net)
Date: 12/20/03
Date: 20 Dec 2003 14:36:57 -0600
Barry Margolin <barmar@alum.mit.edu> writes:

> Unless you want to make the user go through the password entry page
> again, the authentication info has to be saved on the client machine
> somewhere.

Not true. You can save instead an authentication cookie that's tied
to a session table on the server. And the authentication cookie can
be hashed with the user's IP address, time of creation, and other
things to minimize the "portability" of that cookie to another remote
user.

The username and password should NOT be part of this cookie--only used
to get that cookie upon initial authentication.

-- Todd H. http://www.toddh.net/
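
The scheme described in the message above, as an added Python example that is not part of the original post. It assumes HMAC-SHA256 with a server-side key as the "hash"; the names SERVER_KEY, SESSIONS, login, validate and the sample credentials are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
SESSION_TTL = 1800                    # assumption: 30-minute session lifetime
SESSIONS = {}                         # server-side session table: id -> record

def _tag(session_id, client_ip, created):
    # Keyed hash over the session id, the client IP and the creation time.
    msg = f"{session_id}|{client_ip}|{created}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def check_password(username, password):
    # Stand-in for a real credential store (constructed sample account).
    return (username, password) == ("alice", "correct horse")

def login(username, password, client_ip, now=None):
    """Check credentials once; return a cookie value that contains neither."""
    if not check_password(username, password):
        return None
    created = int(time.time() if now is None else now)
    session_id = secrets.token_urlsafe(32)  # random, never contains "."
    SESSIONS[session_id] = {"user": username, "created": created}
    return f"{session_id}.{_tag(session_id, client_ip, created)}"

def validate(cookie, client_ip, now=None):
    """Return the username for a valid cookie, otherwise None."""
    now = int(time.time() if now is None else now)
    session_id, sep, tag = cookie.partition(".")
    record = SESSIONS.get(session_id)
    if not sep or record is None:
        return None                       # malformed or unknown session
    if now - record["created"] > SESSION_TTL:
        SESSIONS.pop(session_id, None)    # expired: drop it from the table
        return None
    # Recompute the tag with the IP the request came from, so a cookie
    # copied to a machine at another address no longer verifies.
    expected = _tag(session_id, client_ip, record["created"])
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return record["user"]
```

Binding to the client IP also invalidates the cookie when a legitimate user's address changes, so such a user has to log in again.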