Generating Unique Keys
Mongryong
Mongryong at sympatico.ca
Sat Jan 25 16:43:33 EST 2003
> Because then a malicious user could easily get access to someone
> else's web session, since they know keys are sequential. The
> requirement wasn't stated, but it's generally a valid to assume the
> webmaster doesn't want this to happen.
Even with a 'randomly' generated session key, a malicious user can still
steal the session key of a active user. Is there an algorithm or
solution to this security risk?
More information about the Python-list
mailing list