PHPDeveloper.org: Christopher Kunz's Blog: Strict session handling in PHP

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Bayser Consulting Seeks Analytical Programmer (Skokie, IL)

Job Posting: Revelation Partners (Recruiter) Seeks Mid-Principal PHP Developer (Boston, MA)

Dave Marshall's Blog: Competition: PHP Job Hunters Handbook up for grabs

Job Posting: LIVESTRONG.com/Demand Media Inc. Seeks Senior PHP Software Developer (Santa Monica, CA)

Job Posting: Children's Hospital Boston Seeks Open Source Web Developer (Boston, MA)

Job Posting: eReleases Seeks Zend/PHP Developer (Baltimore, MD)

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

News Archive

Ken Guest's Blog: PHP for Enterprise/Business Whitepaper

PHPImpact Blog: PHP: Spaghetti alla Bolognese

CSS-Tricks.com: PHP for Beginners: Building Your First Simple CMS

IBuildings Blog: Book Review: TYPO3 Extension Development

Job Posting: Bayser Consulting Seeks Analytical Programmer (Skokie, IL)

Vinu Thomas' Blog: PHP functions in Javascript using PHP.JS

Job Posting: Revelation Partners (Recruiter) Seeks Mid-Principal PHP Developer (Boston, MA)

Community News: php|architect Free Webcast Series

Site News: Popular Posts for the Week of 01.09.2009

ElePHPant World Tour: The Elephpant World Tour 2008 is done!

Christopher Kunz's Blog:
Strict session handling in PHP

by Chris Cornutt November 22, 2005 @ 05:46:11

Christopher Kunz has this new post today on his blog with at look at "strict session handling in PHP".

PHP has a permissive session system. This has been decided way before I came into the PHP world (I guess in preparation of 4.0), and the reasons for this decision are kinda lost in transit. However, with a small patch by Hardened-PHP Project buddy Stefan esser, this might now change.

A small patch against PHP's ext/session and ext/sqlite adds two new handler functions to validate and create session IDs, as well as the php.ini setting.

This setting would allow for more enhanced session handling (removing the ability to spoof sessions via a SID), and other problems (SQL injections, XSS attacks, etc). You can check out more on the Hardened-PHP page...

0 comments voice your opinion now!
php session handling hardened-php php session handling hardened-php

Similar Posts

Oracle Technology Network: Building PHP Applications Using the ATK Framework

PHP Magazine: Moving to a PDF Only Format

Community News: Reminder of First php|architect Pro-PHP Podcast

DevShed: Storing PHP Sessions in a Database

Rudd-o.com: 5 minutes to finding issues in production PHP Web applications

Community Events

Don't see your event here?
Let us know!

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework