[13642] in cryptography@c2.net mail archive
Re: Session Fixation Vulnerability in Web Based Apps
daemon@ATHENA.MIT.EDU (Ng Pheng Siong)
Sun Jun 15 23:21:43 2003
X-Original-To: cryptography@metzdowd.com
Date: Mon, 16 Jun 2003 10:10:44 +0800
From: Ng Pheng Siong <ngps@netmemetic.com>
To: "James A. Donald" <jamesd@echeque.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <3EEC59DF.9377.150CEDC7@localhost>
On Sun, Jun 15, 2003 at 11:34:55AM -0700, James A. Donald wrote:
> Which is fine provided your code, rather than the framework
> code provided the cookie, and provided you generated the cookie
> in response to a valid login, as Ben Laurie does. The
> framework, however, generally provides insecure cookies.
Dynamic programming environments like Lisp, Smalltalk and Python allow
the application programmer to replace parts of a framework with other code
easily.
Lisp does it better than Python. Dunno about Java, PHP, whatnot.
Build your applications with a superior programming system.
--
Ng Pheng Siong <ngps@netmemetic.com>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
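
Added example, not part of the original message or of any real framework: a Python sketch of the two points in this exchange, a framework default that adopts a client-presented session id, and application code swapping in replacements so the authenticated cookie is generated only in response to a valid login. `FrameworkSessions`, `strict_open`, `rotating_login`, `Hardened` and `run_login` are hypothetical names, and the session id value used with them is constructed.

```python
import secrets

class FrameworkSessions:
    """Constructed stand-in for a framework's session store (hypothetical)."""
    def __init__(self):
        self.store = {}

    def new_id(self):
        return secrets.token_urlsafe(32)

    def open(self, cookie_sid):
        # Default behaviour: adopt whatever id the client presents, even one
        # this server never issued. That is the precondition for fixation.
        sid = cookie_sid or self.new_id()
        self.store.setdefault(sid, {"user": None})
        return sid

    def login(self, sid, user, password_ok):
        # Default behaviour: authenticate the session under its existing id.
        if password_ok:
            self.store[sid]["user"] = user
        return sid

def strict_open(self, cookie_sid):
    # Replacement: honour only ids that this server issued earlier.
    if cookie_sid in self.store:
        return cookie_sid
    sid = self.new_id()
    self.store[sid] = {"user": None}
    return sid

def rotating_login(self, sid, user, password_ok):
    # Replacement: mint the authenticated id in response to a valid login
    # and discard the pre-login id, so a planted id never becomes valid.
    if not password_ok:
        return sid
    self.store.pop(sid, None)
    fresh = self.new_id()
    self.store[fresh] = {"user": user}
    return fresh

# Swap the two methods on a subclass so the default stays available for comparison.
Hardened = type("Hardened", (FrameworkSessions,), {"open": strict_open, "login": rotating_login})

def run_login(cls, presented_sid):
    """Return (id after login, whether the presented id ended up authenticated)."""
    s = cls()
    sid_after = s.login(s.open(presented_sid), "alice", True)
    return sid_after, s.store.get(presented_sid, {}).get("user") == "alice"
```

Assigning `FrameworkSessions.open = strict_open` at runtime has the same effect as the subclass; the subclass is used here only so both behaviours can be run side by side.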