On Mon, 31 Aug 2009, Eric Chadbourne wrote:
>> Sounds like you just created your own new version of session handling
>> without the years of experience gone into the native implementation.
>>
>> Here's the OWASP top 10 list section on Authentication and Session
>> Management.
>>
>> http://www.owasp.org/index.php/Top_10_2007-A7
>>
>> First item on the list:
>>
>> # Only use the inbuilt session management mechanism. Do not write or
>> use secondary session handlers under any circumstances.
>>
>> --
>> Greg
>
> Oh man I had never heard of OWASP. I'll spend some time digging around
> this site. Many thanks!
> - Eric C

Definitely a good read if you're planning on doing web development.
Their WebGoat tool is also very useful for seeing how easy it is to
break web applications.

--
Greg