Re: Why is the 'session.use_trans_sid' directive dangerous? [XOOPS general usage questions]

Why is the 'session.use_trans_sid' directive dangerous?

2008/6/24 8:18
tedsmith
Home away from home
Posts: 1151
Since: 2004/6/2 1

Can anyone tell me why 'session.use_trans_sid' is dangerous or give me a URL that explains it well?

Thanks

Ted

Re: Why is the 'session.use_trans_sid' directive dangerous?

2008/6/24 8:54
wizanda
Home away from home
Posts: 1585
Since: 2004/3/21

Quote:

Most people tend to forget that the PHPSESSID are dangerous to use straight
in the queries, because it comes from a cookie (or URL), and thus from the
client, and thus can not be trusted (SQL-injection).

It also looks awful, having every link with their session posted into the url...
.htaccess

php_flag session.use_trans_sid off

Oneness - True Faith

Re: Why is the 'session.use_trans_sid' directive dangerous?

2008/6/24 15:06
tedsmith
Home away from home
Posts: 1151
Since: 2004/6/2 1

I need some more detail really. Any URLs to point to that anyone knows of?

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Why is the 'session.use_trans_sid' directive dangerous?

Re: Why is the 'session.use_trans_sid' directive dangerous?

Re: Why is the 'session.use_trans_sid' directive dangerous?

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}