On Jul 8, 2005, at 12:31 PM, Edward Vermillion wrote:
On Jul 8, 2005, at 12:02 PM, Ezra Nugroho wrote:
I am just wondering, how could someone craft an html to steal cookies?
If your cookie distribution is done right, I don't think you need to
worry about this.
That's what XSS is all about. I don't have the link handy but I do
have a PDF file that I found
a while back that explains how this happens, and to tell the truth, it
scared the s*** outa me.
To the point that I really don't trust any online commerce, although I
do still use it, just as
I still give the waitress/waiter my credit card at a restaurant, even
though I know that's where
most of the identity theft/stolen CC numbers comes from.
Here's one of the links http://www.acros.si/papers/session_fixation.pdf
Edward Vermillion
evermillion@xxxxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
