24 Nov
2004
24 Nov
'04
7:31 a.m.
Hi Marc!
Hi Garvin, this would mean that a stolen cookie can be used to authenticate.
Well, but let's say PMA is used on a host which is restricted via IP protection, or an internal server, where you suppose no cookies can/will be stolen - the only way for users without mcrypt would be to not use cookies; instead I would think it would be better to offer them to turn of validity checking in that case.
But then again, I'm not much into all that Cookie-Stealing-Security issues. :)
Regards, Garvin.
--
Garvin Hicking | Web-Entwickler | Make me happy:
www.supergarv.de | #ICQ 21392242 | http://wishes.garv.info/