[Kolab-devel] Re: steffen: server/kolab-webadmin/kolab-webadmin/www/admin/user user.php, 1.3, 1.4
Steffen Hansen
steffen at klaralvdalens-datakonsult.se
Mon May 24 14:28:47 CEST 2004
On Monday 24 May 2004 14:03, Martin Konold wrote:
> On Monday 24 May 2004 01:53 pm, cvs at intevation.de wrote:
>
> Hi Steffen,
>
> > reasonable default for homeServer. Check IP address when
> > authenticating to make it more difficult to hijack a session
>
> What are you doing here??!! The hijacking of the TCP/IP session is
> impossible with ssl secured https.
And pigs fly??!!...
There have been so many many security problems because of
web applications that don't check the remote address of the session or
login cookie. SSL or not, there are buggy browsers, cross-site
scripting in union with social engineering tactics etc., so IMO not
having two lines of PHP code to check for the remote address of the
client would be a bug.
regards
--
Steffen Hansen           | Klarälvdalens Datakonsult AB
Senior Software Engineer | http://www.klaralvdalens-datakonsult.se
                         | Platform-independent
                         | software solutions
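The "two lines of PHP code" Steffen refers to, written out as an added illustration that is not kolab-webadmin code and not part of the original thread: the session records the client address seen at login and every later request is accepted only if the peer address still matches. It assumes PHP's built-in session handling, that `$_SERVER['REMOTE_ADDR']` is the TCP peer address as set by the web server, and a hypothetical login page at `/admin/login.php`; the demonstration values at the bottom are constructed.

```php
<?php
// Added example, not kolab-webadmin code: bind a PHP session to the client
// address observed at login and re-check it on every request.
// Assumptions: PHP's built-in session handler; $_SERVER['REMOTE_ADDR'] is the
// TCP peer address filled in by the web server, not a client-supplied header.

declare(strict_types=1);

/**
 * Address used for the binding. REMOTE_ADDR comes from the TCP connection,
 * so the client cannot forge it. X-Forwarded-For is deliberately ignored:
 * it is client-controlled unless a trusted reverse proxy overwrites it.
 */
function client_address(array $server): string
{
    return $server['REMOTE_ADDR'] ?? '';
}

/**
 * Run once after the credentials have been verified. Regenerating the
 * session id defeats session fixation; storing the address binds the
 * session to the client that logged in.
 */
function bind_session_to_client(array &$session, array $server): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['auth_ok']     = true;
    $session['client_addr'] = client_address($server);
    $session['login_time']  = time();
}

/**
 * The actual check: the session is accepted only if it was authenticated
 * and the current peer address equals the one recorded at login.
 */
function session_matches_client(array $session, array $server): bool
{
    if (empty($session['auth_ok']) || empty($session['client_addr'])) {
        return false;
    }
    return hash_equals($session['client_addr'], client_address($server));
}

/**
 * Guard for every protected page. On a mismatch the session is destroyed
 * rather than silently continued, and the event is logged so that a burst
 * of mismatches is visible to whoever reads the web server logs.
 */
function require_bound_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!session_matches_client($_SESSION, $_SERVER)) {
        error_log(sprintf(
            'session %s rejected: bound to %s, request from %s',
            session_id(),
            $_SESSION['client_addr'] ?? '(none)',
            client_address($_SERVER)
        ));
        $_SESSION = [];
        session_destroy();
        header('Location: /admin/login.php');  // hypothetical login page
        exit;
    }
}

// Constructed demonstration of the pure functions; runs from the CLI without
// a web server or a real session.
$session = [];
bind_session_to_client($session, ['REMOTE_ADDR' => '192.0.2.10']);
var_dump(session_matches_client($session, ['REMOTE_ADDR' => '192.0.2.10']));
var_dump(session_matches_client($session, ['REMOTE_ADDR' => '198.51.100.7']));
```

Two points worth keeping in mind when deploying a check like this. First, compare against the address the web server saw on the socket, never against a forwarded-for header, unless a trusted reverse proxy in front of the application is known to rewrite that header. Second, clients behind carrier NAT or proxy pools can legitimately change address mid-session, so the check is a defence-in-depth measure that can log such users out; it complements, rather than replaces, regenerating the session id at login and marking the cookie `Secure` and `HttpOnly`.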