PerlMonks
Re: Re: Secure Session ID values
by BlueLines (Hermit) on Nov 20, 2001 at 23:51 UTC
ugh. being unique isn't necessarily secure though. i mean, this is a fairly predictable number (in comparison to, say, the md5 sum of time().$$ encrypted with your pgp key). this wouldn't be that difficult to brute force, and if there was something valuable on the other end (money, classified info), then i'm sure someone would try. i recommend this paper. This guy's perl isn't that great, but the ideas expressed are good, and there are several examples of hijacking session id's in the real world.

BlueLines

Disclaimer: This post may contain inaccurate information, be habit forming, cause atomic warfare between peaceful countries, speed up male pattern baldness, interfere with your cable reception, exile you from certain third world countries, ruin your marriage, and generally spoil your day. No batteries included, no strings attached, your mileage may vary.
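An added example, not part of the original post or thread: it puts a number on the "unique but predictable" distinction by bounding the guessable state behind an ID built only from the clock and the process ID, next to an ID drawn from the kernel CSPRNG. The weak scheme, the function names, the one-hour window and the `pid_max` of 32768 are assumptions made for illustration, and a Unix-like host with `/dev/urandom` is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Assumed weak scheme (constructed for illustration): hash of time and PID.
# Hashing hides the shape of the inputs but adds no entropy to them.
sub weak_session_id {
    return md5_hex(time() . $$);
}

# Upper bound, in bits, on the guessable state behind weak_session_id(),
# given how many seconds of uncertainty an observer has about the issue
# time and how many PIDs the host can assign.
sub weak_id_entropy_bits {
    my ($window_seconds, $pid_max) = @_;
    return log($window_seconds * $pid_max) / log(2);
}

# Hardened form: 128 bits read from the kernel CSPRNG, hex encoded.
sub strong_session_id {
    my $dev = '/dev/urandom';
    open(my $fh, '<:raw', $dev) or die "cannot open $dev: $!";
    my $got = read($fh, my $bytes, 16);
    close($fh);
    die "short read from $dev" unless defined $got && $got == 16;
    return unpack('H*', $bytes);
}

# Both IDs are 32 hex characters and both are unique in practice;
# only the second one is unpredictable.
printf "weak:   %s (at most %.1f bits; 1 hour window, pid_max 32768)\n",
    weak_session_id(), weak_id_entropy_bits(3600, 32768);
printf "strong: %s (128 bits)\n", strong_session_id();
```

The two IDs look alike on the wire, so the difference only shows up when the generator itself is reviewed.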