Session cookies for web applications

Posted May 23, 2008 7:55 UTC (Fri) by ekj (guest, #1524)
Parent article: Session cookies for web applications

This is pretty much a solution to a non-problem though.

There are -huge- problems in web-application-security for sure. Keeping A from being able to
impersonate B when A has complete read-access to the entirety of the database typically isn't
among them.

Get me right, in principle any improvement is a good thing. You'd be better off fixing
SQL-injection in the first place though, as this method primarily defends against that. And
it's not as if fixing sql-injection is difficult.




Session cookies for web applications

Posted May 23, 2008 9:30 UTC (Fri) by intgr (subscriber, #39733)

> And it's not as if fixing sql-injection is difficult.

Fixing one SQL injection is not difficult. Finding and fixing all SQL injections in a legacy web application on the other hand...

