I wasn't precise enough with my wording, so I caused a bit of confusion...
Well, I mean, not just "well", it really is so. Session data can be kept in a folder on the server,
but as far as I know the session ID has to be stored somewhere, that is, passed back and forth.
Here is an excerpt from the book by Prof. Jim Whitehead - PHP Session Management:
Problems with Cookies
• Problems with Cookies
– Browsers can refuse to accept cookies.
– Additionally, it adds network overhead to send lots of information back and forth.
– There are also limits to the amount of information that can be sent.
– Some information you just don't want to save on the client's computer.
Security of Session Data
• In general, cannot guarantee that session data will remain private
• Often, the session data files can be read by any web application on the same server
• The session ID can be grabbed by looking at the GET parameters (for GET-based passing of the session ID), or by eavesdropping the on-the-wire protocol (to get the cookie with the session ID)
– If the session holds a password, someone can then "replay" the session ID back to the server
• Cookie data, though stored on the client side, are sent across the wire in-the-clear
– Client machines might be compromised, such as by malicious software inadvertently downloaded, or by a virus
I think there's no point in fussing too much over questions like these when there are other solutions as far as security is concerned,
but here, as far as I can see, that level of security isn't needed.
So it makes no difference which one is used. Or am I wrong?
Honestly, this part has never been fully clear to me either, because I have never tried to break into anything, a session or a cookie.
I know both can be broken (everything can be broken); the only question is which is easier and faster.
My aim is not to bicker here; I would like someone's expert opinion with an explanation.
Which is better for a case like this, a cookie or a session?
Or should I perhaps open a new topic?
My opinion is that security-wise it makes no difference; other things are decisive.
Yeaaah, but who cares about my opinion? :)
[This message was edited by VladaSu on 15.07.2007 at 17:05 GMT+1]
[This message was edited by VladaSu on 14.06.2003 at 11:22 GMT+1]
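As an added example (not from the post or from the quoted slides), the PHP configuration below addresses each risk the slides list: the session ID is never passed in GET parameters, the cookie is not sent in the clear, this application's session files are kept apart from other applications on the same server, and no password is held in the session, so a replayed ID buys less. The directory path and the $user array are assumptions for illustration.

```php
<?php
// Added example: hardening PHP session handling against the risks listed
// in the quoted slides. The path and the $user array are assumed/constructed.
// All ini_set() / session_* configuration must run before session_start().

// 1. "The session ID can be grabbed by looking at the GET parameters":
//    never accept or emit the ID in the URL, use cookies only.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue

// 2. "Cookie data ... are sent across the wire in-the-clear":
//    Secure restricts the cookie to HTTPS, HttpOnly keeps it away from scripts.
//    (Array form of session_set_cookie_params needs PHP 7.3 or newer.)
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

// 3. "Session data files can be read by any web application on the same server":
//    keep this application's files in a directory only its own user can read,
//    instead of the shared default (typically /tmp).
$savePath = '/var/lib/php/sessions-myapp';   // assumed path, owned by this app's user
if (!is_dir($savePath)) {
    mkdir($savePath, 0700, true);
}
session_save_path($savePath);

session_start();

// 4. "If the session holds a password, someone can then replay the session ID":
//    store only a user identifier and a timestamp, never the credentials.
function loginUser(array $user): void
{
    // Fresh ID on login so an ID handed out before authentication is useless.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $user['id'];
    $_SESSION['login_time'] = time();
}

// Constructed stand-in for a verified login; a real application would first
// check the submitted password with password_verify() against the stored hash.
$user = ['id' => 42, 'name' => 'demo'];
loginUser($user);
```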