[Phpmyadmin-devel] Re: token and cookies
Michal Čihař
michal at cihar.com
Thu Apr 27 12:52:01 CEST 2006
On Thu, 27 Apr 2006 15:29:31 +0200
Sebastian Mendel <lists at sebastianmendel.de> wrote:
> Michal Čihař schrieb:
> > On Thu, 27 Apr 2006 15:18:34 +0200
> > Sebastian Mendel <lists at sebastianmendel.de> wrote:
> >
> >> for security reasons we decided to not support url session ids
> >
> > What's problem with that?
>
> session fixation and hijacking?
Hmmm, what is better? This or XSRF or cookie requirement. Looks like we
have to make choice.
--
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20060427/6135d3c8/attachment.sig>
More information about the Developers
mailing list