WebApp Sec mailing list archives
RE: Growing Bad Practice with Login Forms
From: Konstantin Ryabitsev <icon () phy duke edu>
Date: Tue, 27 Jul 2004 10:28:42 -0400
On Tue, 2004-07-27 at 10:20 -0400, Stan Guzik wrote:
Once you enter the site they set their cookie without SSL. This is not a good practice because it leaves the cookie (maybe session management) open to a sniffing attack.
This is indeed a valid concern, but a separate issue. If you got a session cookie over cleartext, then authenticated over SSL, your session can be compromised if the same session is used to identify you past- login. Regards, -- Konstantin Ryabitsev Duke University Physics
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: Growing Bad Practice with Login Forms, (continued)
- RE: Growing Bad Practice with Login Forms Thomas Schreiber (Jul 27)
- RE: Growing Bad Practice with Login Forms Yvan Boily (Jul 27)
- Re: Growing Bad Practice with Login Forms Toro, Daniel (Jul 27)
- Re: Growing Bad Practice with Login Forms Jason Coombs PivX Solutions (Jul 27)
- Re: Growing Bad Practice with Login Forms Stephen de Vries (Jul 28)
- Re: Growing Bad Practice with Login Forms Jason Coombs PivX Solutions (Jul 29)
- Re: Growing Bad Practice with Login Forms David Wall @ Yozons, Inc. (Jul 29)
- Re: Growing Bad Practice with Login Forms Ivan Krstic (Jul 28)
- RE: Growing Bad Practice with Login Forms Yvan Boily (Jul 27)
- RE: Growing Bad Practice with Login Forms Thomas Schreiber (Jul 27)
- RE: Growing Bad Practice with Login Forms Konstantin Ryabitsev (Jul 27)
- Re: Growing Bad Practice with Login Forms Darragh O'Brien (Jul 27)
- Summary: Growing Bad Practice with Login Forms athena (Jul 27)
- Re: Summary: Growing Bad Practice with Login Forms Ivan Andres Hernandez Puga (Jul 28)
- Re: Summary: Growing Bad Practice with Login Forms David Telfer (Jul 28)
- Re: Summary: Growing Bad Practice with Login Forms Rogan Dawes (Jul 28)
- Re: Summary: Growing Bad Practice with Login Forms athena (Jul 28)
- RE: Summary: Growing Bad Practice with Login Forms Yvan Boily (Jul 28)