[nycphp-talk] PHP Penetration Discussion
Chris Shiflett
shiflett at php.net
Sat May 28 16:47:09 EDT 2005

inforequest wrote:
> I think Rasmus' example was a cross-site scripting example, not stealing cookies.

I haven't kept up with that thread (nor this one), but the most common
XSS attacks are those that steal cookies. In fact, this is why there is
a recommendation for HTTP-only cookies - this would let developers
essentially hide these cookies from document.cookie.

Maybe that helps clarify something? :-)

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
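
An added illustration of the HTTP-only point in the message above (not part of the original post, and not code from its author): a simplified model that takes a response's Set-Cookie headers and computes what a page script would see in document.cookie, so an audit can list the cookies still readable by script. The function names and sample headers are constructed for this example, and Path, Domain, Secure and expiry matching are ignored.

```javascript
// Added example: simplified model of which cookies page script can read.
// Assumption: Path, Domain, Secure and expiry matching are ignored here.

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const pair = parts.shift();
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // nameless cookie: skipped in this model
  // Attribute names are case-insensitive ("HttpOnly", "httponly", ...).
  const attrs = parts.map((p) => p.split("=")[0].trim().toLowerCase());
  return {
    name: pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(),
    httpOnly: attrs.includes("httponly"),
  };
}

// Collect cookies by name; a later header for the same name replaces an earlier one.
function buildJar(headers) {
  const jar = new Map();
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (c) jar.set(c.name, c);
  }
  return [...jar.values()];
}

// The string document.cookie would return: HttpOnly cookies are left out.
function scriptVisibleCookies(headers) {
  return buildJar(headers)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Audit helper: names of cookies that are still readable by script.
function missingHttpOnly(headers) {
  return buildJar(headers).filter((c) => !c.httpOnly).map((c) => c.name);
}

// Constructed sample response headers (not taken from any real site).
const sampleHeaders = [
  "PHPSESSID=abc123; path=/",
  "auth=tok456; Path=/; HttpOnly",
  "theme=dark; Path=/",
  "csrf=x9; path=/; httponly; Secure",
];
console.log(scriptVisibleCookies(sampleHeaders)); // PHPSESSID=abc123; theme=dark
console.log(missingHttpOnly(sampleHeaders));
```

Re-issuing the session cookie with the HttpOnly attribute removes it from the first result, which is the hiding effect the message describes.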