[thesite] My Intro and a look at a UEUE Proposal
Rory.Plaire at wahchang.com
Thu Oct 18 13:41:20 CDT 2001
| so Joey Cracker gets my userid and priv level from my cookie. what can
| he do with it if it's not got a corresponding userid_hash value that uses
| our secret key? (just looking for an example from your POV)
If the hash doesn't change, then couldn't he just resubmit the user_id and
user_id hash? Likewise with the rest of the attributes/attribute_hash pairs?
Like .jeff says, if he kept a running log, and kept all the hashed cookies?
(yum!)
<rory alt="?"/>
P.S. you told us to ask... ! 8)
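
The replay concern raised in this message, shown from the server's side as an added example (not part of the original post and not thesite's code): a hash computed over user_id alone keeps verifying for any logged copy, while one MAC over all attributes plus an expiry stops verifying once the expiry passes. The key, the field layout, the "|" separator and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the site's secret key


def _mac(message: str) -> str:
    return hmac.new(SECRET_KEY, message.encode(), hashlib.sha256).hexdigest()


def issue_static(user_id: str) -> dict:
    # Scheme as discussed in the thread: hash covers only user_id, so it never changes.
    return {"user_id": user_id, "user_id_hash": _mac(user_id)}


def verify_static(cookie: dict) -> bool:
    return hmac.compare_digest(cookie["user_id_hash"], _mac(cookie["user_id"]))


def issue_bound(user_id: str, priv: str, now: int, ttl: int = 900) -> dict:
    # One MAC over every attribute plus an expiry time.
    if "|" in user_id or "|" in priv:
        raise ValueError("field separator not allowed in attribute values")
    payload = f"{user_id}|{priv}|{now + ttl}"
    return {"payload": payload, "mac": _mac(payload)}


def verify_bound(cookie: dict, now: int) -> bool:
    if not hmac.compare_digest(cookie["mac"], _mac(cookie["payload"])):
        return False  # payload was altered or MAC was made with another key
    expires = int(cookie["payload"].rsplit("|", 1)[1])
    return now < expires  # a logged copy stops verifying once this passes


def replay_results() -> dict:
    issued_at = 1_000_000_000  # constructed timestamp
    next_day = issued_at + 86_400
    logged_static = dict(issue_static("42"))  # copy kept in a log
    logged_bound = dict(issue_bound("42", "admin", issued_at))
    return {
        "static_next_day": verify_static(logged_static),
        "bound_in_window": verify_bound(logged_bound, issued_at + 60),
        "bound_next_day": verify_bound(logged_bound, next_day),
    }


if __name__ == "__main__":
    print(replay_results())
```

The expiry only bounds the window: a copied cookie still verifies until it expires, so a short lifetime and an encrypted transport remain necessary.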