Wrox Programmer Forums
|
Beginning PHP Beginning-level PHP discussions. More advanced coders should post to the Pro PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Beginning PHP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old December 19th, 2004, 12:12 PM
Authorized User
 
Join Date: Jul 2004
Posts: 79
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to rajuru Send a message via Yahoo to rajuru
Default Security Issue

Dear,
Here I m going to post my idea to make information of restricted area more secure. I don't know whether developers have already done this or not. still I want to discuss my idea.


See, one can easily access the data of a session of PHP using the Session ID. So, by the following idea I think no one will be to do such act.

Every time a browser starts, it can generate a random number and it will be offcourse unique in the world. This number will not identical in anyway to any other number. When we register session we can the Unique ID to make our script more secure. and no other person from any other computer will be able to access to the registered session if we develop our script using this ID

Do you understand what I want to say?

Please discuss regarding this matter.


Best Regard:
Md. Zakir Hossain (Raju)
www.rubd.net
www.xenex.rubd.net
www.forum.rubd.net
__________________
Best Regard:
Md. Zakir Hossain (Raju)

www.rajuru.xenexbd.com - my blog with PHP scripts, PHP Book Review and many more
 
Old December 20th, 2004, 07:31 AM
Friend of Wrox
 
Join Date: Mar 2004
Posts: 357
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to anshul
Default

no.
first how can other Web sites access some site's session variables?
 
Old December 20th, 2004, 08:59 AM
Authorized User
 
Join Date: Dec 2004
Posts: 53
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to peg110
Default

If I understand the question correctly, What you suggest has already been done (sort of). Intel serialized their CPU's to do exactly what you suggest, but too many people were afraid of it's use citing concerns of "Big Brother" watching us.



Paul Gardner
------------------
PHP-LIVE help
Via Web @ http://www.mnetweb.co.uk/irc
Via IRC Client pgardner.net:6667
room #PHP
 
Old December 23rd, 2004, 09:35 AM
Authorized User
 
Join Date: Jul 2004
Posts: 79
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to rajuru Send a message via Yahoo to rajuru
Default

yes, other site can use session id

please read
Sessions and security
in
http://hk.php.net/manual/en/ref.session.php

Best Regard:
Md. Zakir Hossain (Raju)
www.rubd.net
www.xenex.rubd.net
www.forum.rubd.net





Similar Threads
Thread Thread Starter Forum Replies Last Post
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
A security issue of my new computer language AndrewH Other Programming Languages 0 July 5th, 2007 04:01 PM
Security Issue Brendan Bartley Access 1 April 26th, 2007 09:37 AM
java security certificate issue getsreenuk Apache Tomcat 0 March 3rd, 2007 05:49 AM
Security Issue vlado2000 Classic ASP Professional 0 March 5th, 2004 02:26 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.