On 2007-08-21 19:34:24, Kelvin Park wrote:
> Hello, thanks for all the replies.
> However, since I'm not very familiar with trans_sid I'll do some research on
> that.
>
> Michelle Konzack, if hiding the id in hidden form field element or enabling
> trans_sid could lead to security risks, what would you recommend as an
> alternative method to safely transfer user information across different
> pages in a website?
>
> Thank you.

1) I have a Server where the $USER authenticates and it stores the infos
   (IP, USER-AGENT, ...) there.

2) Then, after successful authentication, the $USER is redirected to the
   real Website with a one-time ID in the URL etc.

3) The "real" Website gets its infos from the AUTH-Server and checks it
   against the one-time ID in the URL.

I had to do this, since I am working over a bunch of Servers, where COOKIES
would only be readable from the same Website which had set the COOKIE.

Greetings
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)
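The three steps described in the reply above, sketched as an added example that is not part of the original message or the poster's own code. The class name `OneTimeIdStore`, its methods, the in-memory array standing in for the auth server's storage, the 30-second lifetime and the hashed storage of the ID are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the auth server's storage. A real deployment would
// use a database or cache that the auth server owns (assumption, not from the post).
final class OneTimeIdStore
{
    /** @var array<string, array{user:string, ip:string, ua:string, expires:int}> */
    private array $records = [];

    public function __construct(private int $ttlSeconds = 30) {}

    // Steps 1 and 2: after authentication, record the client details and mint the ID.
    public function issue(string $user, string $ip, string $ua, int $now): string
    {
        $id = bin2hex(random_bytes(16));           // 128 bits from the CSPRNG
        $this->records[hash('sha256', $id)] = [    // keep only a hash of the ID
            'user' => $user, 'ip' => $ip, 'ua' => $ua,
            'expires' => $now + $this->ttlSeconds,
        ];
        return $id;                                // goes into the redirect URL
    }

    // Step 3: the real website has the auth server check the ID taken from the URL.
    public function redeem(string $id, string $ip, string $ua, int $now): ?string
    {
        $key = hash('sha256', $id);
        $rec = $this->records[$key] ?? null;
        unset($this->records[$key]);               // single use, even when a check fails
        if ($rec === null || $now > $rec['expires']) {
            return null;                           // unknown, already used, or expired
        }
        if (!hash_equals($rec['ip'], $ip) || !hash_equals($rec['ua'], $ua)) {
            return null;                           // presented by a different client
        }
        return $rec['user'];
    }
}

// Constructed sample values (documentation IP ranges, made-up user agent).
$store = new OneTimeIdStore(30);
$t0 = 1187717664;
$id = $store->issue('alice', '192.0.2.10', 'ExampleBrowser/1.0', $t0);
var_dump($store->redeem($id, '192.0.2.10', 'ExampleBrowser/1.0', $t0 + 5));    // first use
var_dump($store->redeem($id, '192.0.2.10', 'ExampleBrowser/1.0', $t0 + 6));    // replayed ID
$id2 = $store->issue('alice', '192.0.2.10', 'ExampleBrowser/1.0', $t0);
var_dump($store->redeem($id2, '198.51.100.7', 'ExampleBrowser/1.0', $t0 + 5)); // other client
```

Because the ID travels in the URL, it can end up in server logs, browser history and Referer headers, which is why the sketch makes it single-use and short-lived. After a successful redeem, the receiving site would set its own session cookie and redirect to a URL without the ID.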