WebApp Sec mailing list archives
Re: Session security with cookies
From: "Aaron Katz" <atkatz () gmail com>
Date: Wed, 5 Dec 2007 15:47:48 -0500
All, Apologies. That should have started, "As Thomas rightly points out..." -- Aaron On Dec 5, 2007 3:37 PM, Aaron Katz <atkatz () gmail com> wrote:
Thomas, It's rather an axiom, at this point, that it's unsafe to trust a client - an untrusted client (as discussed in this case) even more. -- Aaron On Dec 5, 2007 2:27 AM, Thomas <tom () electric-sheep org> wrote:-Ensure the session times out in a reasonable amount of timeTimeouts have to be enforced by the server because cookie lifetime is not mandatory and can be ignored or/and modified by the client. -- Tom <tom () electric-sheep org> fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Session security with cookies Till Elsner (Dec 04)
- Re: Session security with cookies Paul Johnston (Dec 04)
- RE: Session security with cookies Jeffory Atkinson (Dec 04)
- Re: Session security with cookies bugtraq (Dec 04)
- Re: Session security with cookies Thomas (Dec 05)
- Re: Session security with cookies Aaron Katz (Dec 05)
- Re: Session security with cookies Aaron Katz (Dec 05)
- Re: Session security with cookies Vicente Aguilera (Dec 05)
- RE: Session security with cookies WebAppSec (Dec 08)
- Re: Session security with cookies Ron (Dec 04)
- Re: Session security with cookies Aaron Katz (Dec 04)
- Re: Session security with cookies Till Elsner (Dec 05)
- Re: Session security with cookies Aaron Katz (Dec 05)
- Re: Session security with cookies Till Elsner (Dec 05)
- Re: Session security with cookies Aaron Katz (Dec 05)
- Re: Session security with cookies Aaron Shelmire (Dec 08)
- Re: Session security with cookies Eduardo Tongson (Dec 08)
- Re: Session security with cookies Aaron Katz (Dec 04)