WebApp Sec mailing list archives

RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications"


From: "Scovetta, Michael V" <Michael.Scovetta () ca com>
Date: Wed, 22 Dec 2004 12:09:50 -0500

Sverre,

Also, in general, many clients are either behind proxies or have IP
addresses that change very frequently (AOL comes to mind, but I'm sure
there are others) -- I'm not sure if this is simply AOL masking the
source IP or whether the DHCP lease is just very short, but the rule is:
  "In general, you should assume that the source IP of a client will not
remain constant during any meaningful length of time."

At least, that's my take on it.

Regards,

Michael Scovetta
Computer Associates
Senior Application Developer

-----Original Message-----
From: Sverre H. Huseby [mailto:shh () thathost com] 
Sent: Tuesday, December 21, 2004 2:21 AM
To: Elihu Smails
Cc: webappsec () securityfocus com
Subject: Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in
Today's Web Applications"

[Elihu Smails]

|   Sessions should track the remote IP address of the client at a
|   minimum, so that this problem could go away.

Unfortunately, checking IP addresses won't solve the Session Riding /
Web Trojan problem, as the request is coming from the victim's
computer.


Sverre.
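Sverre's point above, modelled in code as an added example (not from the thread, nor from any project): a handler that binds the session to the client's source IP still accepts a request that another site causes the victim's own browser to send, because the cookie and the source IP are the victim's; a per-session token that the other site cannot read rejects it. The session store, handler and field names are hypothetical, and the addresses and values are constructed.

```python
"""Added illustration: IP-bound sessions versus a per-session token
against session riding. Everything here is constructed for the example."""
import secrets

SESSIONS = {}  # session id -> {"user", "ip", "csrf_token"} (hypothetical store)


def login(user, client_ip):
    """Create a session bound to the IP seen at login and issue a CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "ip": client_ip,
                     "csrf_token": secrets.token_hex(16)}
    return sid


def handle_transfer(request, require_token):
    """Return 'ok' if the state-changing request is accepted, else the reason."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return "no session"
    if sess["ip"] != request["remote_ip"]:
        return "ip mismatch"
    if require_token:
        supplied = request["form"].get("csrf_token", "")
        if not secrets.compare_digest(supplied, sess["csrf_token"]):
            return "missing or wrong token"
    return "ok"


def simulate():
    """Run a legitimate request and a ridden one through both policies."""
    victim_ip = "203.0.113.7"  # constructed documentation address
    sid = login("alice", victim_ip)
    token = SESSIONS[sid]["csrf_token"]
    # Legitimate: the browser sends the cookie, the form carries the page's token.
    legit = {"cookies": {"sid": sid}, "remote_ip": victim_ip,
             "form": {"csrf_token": token, "to": "bob"}}
    # Ridden: another site makes the victim's browser submit the form. The browser
    # attaches the cookie itself and the source IP is the victim's, so the IP
    # check passes; the other site cannot read the token, so it is absent.
    ridden = {"cookies": {"sid": sid}, "remote_ip": victim_ip,
              "form": {"to": "mallory"}}
    return {
        "legit_ip_only": handle_transfer(legit, require_token=False),
        "ridden_ip_only": handle_transfer(ridden, require_token=False),
        "legit_with_token": handle_transfer(legit, require_token=True),
        "ridden_with_token": handle_transfer(ridden, require_token=True),
    }
```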
