News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

ServerSide Magazine:
Session Hijacking
December 12, 2008 @ 10:23:42

In this recent article from ServerSide Magazine they look at a security issue that can be hard to detect if you're not sure what you're looking for - session hijacking - and how you can help to prevent it on your site.

A must have for the attacker in a session hijack is the Session Identifier so he can impersonate the attack. Let's presume for example that you have your website hosted on a shared hosting on which PHP is installed as an Apache module, thing that makes session files belong to the web user, in other words: accessible.

He breaks it out into three potential kinds of session hijack methods - prediction, capture and fixation - with definitions for each. He also makes recommendations of some secure practices to follow to help prevent some of these issues (like not trusting users, using $_COOKIE and $_SESSION correctly and using a security token too along with the session ID).

0 comments voice your opinion now!
hijack session predict capture fixation secure practice


blog comments powered by Disqus

Similar Posts

ThinkPHP Blog: Accessing NTLM secured resources with PHP

Community News: Adobe Developer Week Starts May 10th

Zend Developer Zone: The ZendCon Sessions Episode 4: IBM DB2 with PHP 5.2 and AJAX

Edd Mann: Securing Sessions in PHP

Zak Greant's Blog: The eZ partner program (response to Seth Gottlieb's Commercial O/S business post)


Community Events





Don't see your event here?
Let us know!


bugfix library framework list language code wordpress laravel api configure podcast application introduction community series project interview release threedevsandamaybe developer

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework