[Phpmyadmin-devel] speed improvement in auth_type cookie!
Garvin Hicking
phpmyadmin at supergarv.de
Wed Nov 24 06:31:30 CET 2004
Hi Marc!
> Hi Garvin,
> this would mean that a stolen cookie can be used to authenticate.
Well, but let's say PMA is used on a host which is restricted via IP protection,
or an internal server, where you suppose no cookies can/will be stolen - the
only way for users without mcrypt would be to not use cookies; instead I would
think it would be better to offer them to turn of validity checking in that
case.
But then again, I'm not much into all that Cookie-Stealing-Security issues. :)
Regards,
Garvin.
--
Garvin Hicking | Web-Entwickler | Make me happy:
www.supergarv.de | #ICQ 21392242 | http://wishes.garv.info/
More information about the Developers
mailing list