feha
Posts: 712
Posted: 07/05/2004, 3:36 PM
At the end of your Common.php file insert this code:
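// by www.vision.to
// First request in this session: remember the MD5 of the client IP.
if (!CCGetSession("IP_MD5"))
{
    CCSetSession("IP_MD5", md5($_SERVER['REMOTE_ADDR']));
}
// Later requests: stop if the client IP no longer matches the stored value.
if (CCGetSession("IP_MD5") != md5($_SERVER['REMOTE_ADDR']))
{
    echo "INVALID CONNECTION";
    exit;
}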
In order for a hacker to hijack a session, they need to grab the session id of a user and spoof their IP address.
The IP encrypted with md5 is stored hidden in a session variable.
If a hacker hijacks a session, he needs to spoof even the IP.
The IP is stored server-side ...
(There is no actual need for MD5, but for security reasons ...)
Good Luck
feha
_________________
Regards
feha
www.vision.to
feedpixel.com
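
The same IP-binding check written against plain PHP sessions, as an added example that is not part of the original post. `bind_session_to_ip()` and the `ip_bind` session key are hypothetical names, native `$_SESSION` handling stands in for the `CCGetSession`/`CCSetSession` helpers used in the post, and on a mismatch the session is destroyed rather than only stopping the request.

```php
<?php
// Added example (not the poster's code): bind a PHP session to the client IP.
// bind_session_to_ip() and the 'ip_bind' key are hypothetical names.

function bind_session_to_ip(string $remoteAddr): bool
{
    // Digest of the address; SHA-256 is used here in place of the post's md5().
    $current = hash('sha256', $remoteAddr);

    if (!isset($_SESSION['ip_bind'])) {
        // First request of this session: remember the client address digest.
        $_SESSION['ip_bind'] = $current;
        return true;
    }

    // hash_equals() compares the two strings in constant time.
    if (hash_equals($_SESSION['ip_bind'], $current)) {
        return true;
    }

    // Address changed: treat the session id as leaked and invalidate it,
    // clearing the data, the cookie and the server-side record.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    return false;
}

session_start();

// Behind a reverse proxy REMOTE_ADDR is the proxy's address, not the client's.
// The fallback value only lets the example run from the command line.
$addr = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';

if (!bind_session_to_ip($addr)) {
    http_response_code(403);
    echo "INVALID CONNECTION";
    exit;
}
```

A client whose address changes mid-session (mobile networks, some proxies) is logged out by this check, and clients behind the same NAT address are not distinguished by it.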