It's unlikely I suppose, but there's a must-have book you should look at
if you want info on hacks, including browser hacks (Hacking Exposed:
Network Security Secrets and Solutions, 2nd Edition). The cookie hack
that comes to mind only works in IE or MS products (but that's only
what, 90% of the web), but all it is is a line or so of HTML code that
somebody places on their site (say in an iframe...) that sends them all
your cookie data (if the user uses Outlook, they can also just place it
in an email). From there, they use the cookie data to pose as that
person on various sites trying to gain sensitive info. But if you're
already giving them the password, how much more sensitive can you get?
So really, if they don't close their browser for a while, this
possibility increases. And it may be a slim possibility, but it's
better to be safe than sorry.
later
lux
> Well .. I am ... nobody but the user itself can see the login and password
> in the cookie. Unless it's on non-SSL connection and somebody is
> packet-sniffing around. Otherwise there would be no leak for somebody else
> to get this information, is there?
>
> And if the user doesn't log out, the cookie is still destroyed when the
> browser is closed anyway.
>
> Eelco.
--
John Luxford
Simian Systems
w: www.simian.ca
e: [EMAIL PROTECTED]
p: 204.946.5955
--
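Added example, not part of the original message or of any poster's code: one way to keep the login and password out of the cookie entirely, so that a copied cookie yields only an opaque token that the server expires after idle time even if the browser stays open. The names SessionStore, IDLE_LIMIT and the cookie name sid are hypothetical, and the in-memory array stands in for a database table.

```php
<?php
// Added example; SessionStore, IDLE_LIMIT and the "sid" cookie name are hypothetical.
declare(strict_types=1);

const IDLE_LIMIT = 900; // assumed: seconds of inactivity before the server drops the session

final class SessionStore
{
    private array $rows = []; // stand-in for a database table, keyed by SHA-256(token)
    public function issue(string $user, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // opaque 256-bit value, no credentials inside
        $this->rows[hash('sha256', $token)] = ['user' => $user, 'seen' => $now];
        return $token;
    }

    public function resolve(string $token, int $now): ?string
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        if ($row === null || $now - $row['seen'] > IDLE_LIMIT) {
            unset($this->rows[$key]); // idle too long: expire even if the browser is still open
            return null;
        }
        $this->rows[$key]['seen'] = $now; // sliding idle window
        return $row['user'];
    }

    public function revoke(string $token): void // call on explicit logout
    {
        unset($this->rows[hash('sha256', $token)]);
    }
}

function sendSessionCookie(string $token): void
{
    setcookie('sid', $token, [
        'expires' => 0,        // session cookie: discarded when the browser closes
        'path' => '/',
        'secure' => true,      // never sent over a non-SSL connection
        'httponly' => true,    // not readable by script running in the page
        'samesite' => 'Lax',   // not attached to cross-site subrequests such as iframes
    ]);
}

if (PHP_SAPI === 'cli') { // constructed demo with fixed timestamps
    $store = new SessionStore();
    $t = $store->issue('alice', 1000);
    var_dump($store->resolve($t, 1600), $store->resolve($t, 1600 + IDLE_LIMIT + 1));
}
```

The array form of setcookie() requires PHP 7.3 or later, and the typed property requires PHP 7.4 or later.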
--
PHP General Mailing List (http://www.php.net/)