[Phpmyadmin-devel] Re: token and cookies

Michal Čihař michal at cihar.com
Thu Apr 27 12:52:01 CEST 2006


On Thu, 27 Apr 2006 15:29:31 +0200
Sebastian Mendel <lists at sebastianmendel.de> wrote:

> Michal Čihař wrote:
> > On Thu, 27 Apr 2006 15:18:34 +0200
> > Sebastian Mendel <lists at sebastianmendel.de> wrote:
> > 
> >> for security reasons we decided to not support URL session IDs
> > 
> > What's the problem with that?
> 
> session fixation and hijacking?

Hmmm, what is better? This or XSRF or a cookie requirement? Looks like we
have to make a choice.

-- 
    Michal Čihař | http://cihar.com