[nycphp-talk] Session Thoughts
Chris Shiflett
shiflett at php.net
Fri Oct 31 15:28:54 EST 2003
--- felix zaslavskiy <felix at students.poly.edu> wrote:
> There are no magic tricks that Amazon and Yahoo do to secure
> their web application, and SSL and asking for a password is really what
> they do at the application level.
I agree that it's not magic, but if you think using SSL and asking
for a password is all that they do, or if you think this is all that
you need to do to secure a session or a Web application in general,
you're simply wrong.
Any code written by someone with this perspective is almost assuredly
full of security vulnerabilities.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp