WebApp Sec
mailing list archives
Re: Session Fixation
From: Fred van Engen <fred.van.engen () xbn nl>
Date: Tue, 1 Apr 2003 23:01:56 +0200
Hi,

On Tue, Apr 01, 2003 at 09:50:32AM +0100, Ian wrote:
> Has anyone put the Internet Explorer "Super Cookie" to use?
> For the particular app I am working on, I can guarantee that all the
> users are connecting with IE over ssl. Plus they all (mainly) go
> through a router from the same LAN, thus appear to have the same IP.
> I am currently logging the super cookie to try and determine if it
> really is unique enough.

From this description I cannot determine your exact situation, but
you might be interested in the privacy settings of the WMedia Player.

The default in WMedia 9 is not to send a unique Player ID and not to
return it through script calls. You'll always get the same Player ID
from every player, i.e. {3300AD50-2C39-46c0-AE0A-000000000000}.

The Windows XP WMedia Player (version 8) returns a supposedly random
Player ID {3300AD50-2C39-46c0-AE0A-XXXXXXXXXXXX}.

So it seems you must force your users to enable unique Player IDs, the
value of which they could even change in the registry if they like.

Regards,

Fred.
--
Fred van Engen XB Networks B.V.
email: fred.van.engen () xbn nl Televisieweg 2
tel: +31 36 5462400 1322 AC Almere
fax: +31 36 5462424 The Netherlands
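
Added example (not part of the original message or thread): a Python sketch of the uniqueness check Ian describes, run over a constructed log of (user, Player ID) pairs. The all-zero default ID and the ID format are taken from the message above; the function names and sample data are assumptions.

```python
import re
from collections import defaultdict

# Default (non-unique) Player ID and ID format as quoted in the message above.
ANONYMOUS_ID = "{3300AD50-2C39-46C0-AE0A-000000000000}"
ID_PATTERN = re.compile(r"^\{3300AD50-2C39-46C0-AE0A-[0-9A-F]{12}\}$")

# Constructed sample log of (username, logged Player ID); not real data.
SAMPLE_LOG = [
    ("alice", "{3300AD50-2C39-46c0-AE0A-0123456789AB}"),
    ("alice", "{3300AD50-2C39-46c0-AE0A-0123456789AB}"),
    ("bob",   "{3300AD50-2C39-46c0-AE0A-000000000000}"),
    ("carol", "{3300AD50-2C39-46c0-AE0A-000000000000}"),
    ("dave",  "{3300AD50-2C39-46c0-AE0A-FEDCBA987654}"),
    ("erin",  "{3300AD50-2C39-46c0-AE0A-FEDCBA987654}"),
    ("frank", "not-a-guid"),
]

def classify(player_id):
    """Return 'unexpected', 'anonymous' or 'candidate' for one logged value."""
    pid = player_id.strip().upper()
    if not ID_PATTERN.match(pid):
        return "unexpected"  # wrong shape: never trust it as an identifier
    return "anonymous" if pid == ANONYMOUS_ID else "candidate"

def uniqueness_report(log):
    """Summarise whether the logged IDs can tell users apart."""
    users_by_id = defaultdict(set)
    counts = {"unexpected": 0, "anonymous": 0, "candidate": 0}
    for user, player_id in log:
        kind = classify(player_id)
        counts[kind] += 1
        if kind == "candidate":
            users_by_id[player_id.strip().upper()].add(user)
    # An ID seen for more than one user cannot distinguish those users.
    shared = {pid: sorted(u) for pid, u in users_by_id.items() if len(u) > 1}
    unique = sum(1 for u in users_by_id.values() if len(u) == 1)
    return {"counts": counts, "shared_ids": shared,
            "ids_unique_to_one_user": unique}

if __name__ == "__main__":
    print(uniqueness_report(SAMPLE_LOG))
```

Even an ID that maps to a single user in the log is client-supplied and, as the message notes, can be changed in the registry, so it can supplement a server-issued session token but not replace it.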