A question for ASP and MS types
date posted 1st November 2002 12:36
I am writing a system using Active Directory for logons.
I want to store some logon information, specifically a username, as a session
variable.
How easy would it be for a hacker to set his own session variables? I
personally can't think how it might be done.
I know most systems are not hacker proof and I don't expect it to be 100%
secure, but I don't want it to be stupidly easy either.
I already know the downsides of using sessions from a performance
perspective.
Please let's not get drawn into a Microsoft-hating debate, or telling me I
should be using PHP or some other far superior technology.
Kind Regards
Trevor Spink - CTO
Eonic Ltd.
32a Lansdowne Road, Tunbridge Wells, Kent. TN1 2NL
t: 01892 534044 m: 07973 172892 e: [EMAIL REMOVED]
www.eonic.co.uk