All,
Apologies. That should have started, "As Thomas rightly points out..."
--
Aaron
On Dec 5, 2007 3:37 PM, Aaron Katz <atkatz_at_gmail.com> wrote:
> Thomas,
>
> It's rather an axiom, at this point, that it's unsafe to trust a
> client - an untrusted client (as discussed in this case) even more.
>
> --
> Aaron
>
>
> On Dec 5, 2007 2:27 AM, Thomas <tom_at_electric-sheep.org> wrote:
> >
> > > -Ensure the session times out in a reasonable amount of time
> >
> > Timeouts have to be enforced by the server because cookie lifetime is not
> > mandatory and can be ignored or/and modified by the client.
> >
> > --
> > Tom <tom_at_electric-sheep.org>
> > fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF
> >
> > -------------------------------------------------------------------------
> >
> > Sponsored by: Watchfire
> > Methodologies & Tools for Web Application Security Assessment
> > With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
> >
> > https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
> > -------------------------------------------------------------------------
> >
> >
>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Dec 05 2007
Intro
