LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Session cookies for web applications

Session cookies for web applications

Posted May 23, 2008 7:55 UTC (Fri) by ekj (guest, #1524)
Parent article: Session cookies for web applications 

This is pretty much a solution to a non-problem though.

There are -huge- problems in web-application-security for sure. Keeping A from being able to
impersonate B when A has complete read-access to the entirety of the database typically isn't
among them.

Get me right, in principle any improvement is a good thing. You'd be better off fixing
SQL-injection in the first place though, as this method primarily defends against that. And
it's not as if fixing sql-injection is difficult.

(Log in to post comments)

Session cookies for web applications

Posted May 23, 2008 9:30 UTC (Fri) by intgr (subscriber, #39733) [Link]

And it's not as if fixing sql-injection is difficult.
Fixing one SQL injection is not difficult. Finding and fixing all SQL injections in a legacy web application on the other hand...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds