Session Fixation Vulnerability in Web Based Apps
Ng Pheng Siong
ngps at netmemetic.com
Sun Jun 15 22:10:44 EDT 2003
On Sun, Jun 15, 2003 at 11:34:55AM -0700, James A. Donald wrote:
> Which is fine provided your code, rather than the framework
> code provided the cookie, and provided you generated the cookie
> in response to a valid login, as Ben Laurie does.. The
> framework, however, generally provides insecure cookies.
Dynamic programming environments like Lisp, Smalltalk and Python allow
the application programmer to replace parts of a framework with other code
easily.
Lisp does it better than Python. Dunno about Java, PHP, whatnot.
Build your applications with a superior programming system.
--
Ng Pheng Siong <ngps at netmemetic.com>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list