CodeCharge Studio
search Register Login  

Web Reports

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

YesSoftware Forums -> CodeCharge Studio -> PHP

 Protect Sessions In CodeChargeStudio

 Print topic Send topic

Author Message
feha


Posts: 712
Posted: 07/05/2004, 3:36 PM
At the end of your Common.php file insert this code:
  
// by www.vision.to   
if(!CCGetSession("IP_MD5"))  
{  
CCSetSession("IP_MD5",md5($_SERVER['REMOTE_ADDR']));  
}  
  
if (CCGetSession("IP_MD5")!= md5($_SERVER['REMOTE_ADDR']))   
{  
echo "INVALID CONNECTION";  
exit;  
}

in order for a hacker to hijack a session, they need to grab the session id of a user and spoof their IP address

the IP encrypted with md5 is stored hidden in to session variable
if hacker hijack a session he needs to spoof even IP
the IP is stored ServerSide ...

(there is no actual need MD5 but for security reasons ... :-))

Good Luck
feha



_________________
Regards
feha

www.vision.to
feedpixel.com
View profile  Send private message

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Web Database

Join thousands of Web developers who build Web applications with minimal coding.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.