[nycphp-talk] Session security: protecting against hijacking attempts
csnyder
chsnyder at gmail.com
Wed Dec 15 18:11:37 EST 2004
On Wed, 15 Dec 2004 16:47:07 -0600, Eric Rank <flakie at gmail.com> wrote:
> Is this something that needs to be worried about, or am I just paranoind?
Yes. ;-)
No, not really -- you need to think about what harm can come from
someone impersonating an authenticated user of your application.
Falsified posts on a message board are usually no big deal, but
defacement of your Fortune 500 company's dynamic website would be a
much bigger concern.
Just because it's relatively easy to do, doesn't mean that anyone will
ever take the trouble to do it. If the possibility keeps you awake at
night, use SSL. Otherwise don't sweat it.
More information about the talk
mailing list