BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

php ultranoob session question

Subject: php ultranoob session question
From: EChadbourne-3av5VAs6qClGBRGhe+f61g at public.gmane.org (Eric Chadbourne)
Date: Mon, 31 Aug 2009 10:06:50 -0400
In-reply-to: <alpine.DEB.1.00.0908310950330.5033-zqTzHlYdEblkz/h4BFl7+kEOCMrvLtNR@public.gmane.org>
References: <4A99E77B.7070401@newmag.org> <913D0EDB52229C439F7D8AE5BBF1400A80EB74@tgt-exch1.blackbaud.com> <alpine.DEB.1.00.0908310950330.5033@buddha.badbelly.com>

> Sounds like you just created your own new version of session handling
> without the years of experience gone into the native implementation.
> 
> Here's the OWASP top 10 list section on Authentication and Session
> Management.
> 
> http://www.owasp.org/index.php/Top_10_2007-A7
> 
> First item on the list:
> 
> # Only use the inbuilt session management mechanism. Do not write or
> use
> secondary session handlers under any circumstances.
> 
> --
> Greg

Oh man I had never heard of OWASP.  I'll spend some time digging around
this site.  Many thanks!
- Eric C

References:
- php ultranoob session question
  - From: eric-yrHdaQSNc4gdnm+yROfE0A at public.gmane.org (Eric Chadbourne)
- php ultranoob session question
  - From: EChadbourne-3av5VAs6qClGBRGhe+f61g at public.gmane.org (Eric Chadbourne)
- php ultranoob session question
  - From: gboyce-qL0WqcyiFk9Wk0Htik3J/w at public.gmane.org (Gregory Boyce)

Prev by Date: php ultranoob session question
Next by Date: php ultranoob session question
Previous by thread: php ultranoob session question
Next by thread: php ultranoob session question
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org