[nycphp-talk] Session Thoughts
Chris Shiflett
shiflett at php.net
Fri Oct 31 18:29:57 EST 2003
One last comment (I think). :-)
--- felix zaslavskiy <felix at students.poly.edu> wrote:
> This list can go on but all these methods fail to protect against
> someone sniffing the TCP/IP connection.
If you can prevent every security vulnerability except those that
require sniffing the TCP/IP connection(s), you will have created a
very secure Web application, and adding SSL will eliminate the
remaining concerns.
So, don't assume that a protective measure that cannot defend against
TCP/IP sniffing is useless. This is a very bad assumption.
Hope that helps.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
More information about the talk
mailing list