You are here: silicon.com > Resources > White Papers > Software and Web Development > Internet and Web > IP Technologies

IP Technologies White Papers

Essential PHP Security: Sessions and Cookies

Overview This paper discusses sessions and the inherent risks associated with stateful web applications. The reader will first learn the fundamentals of state, cookies, and sessions; then the paper discusses several concerns - cookie theft, exposed session data, session fixation, and session hijacking - along with practices that one can employ to help prevent them. The rumors are true: HTTP is a stateless protocol. This description recognizes the lack of association between any two HTTP requests. Because the protocol does not provide any method that the client can use to identify itself, the server cannot distinguish between clients.

Further White Paper Details
Publisher	O'Reilly Media	File Format	PDF
Date Published	October 2005
Format	White Papers
Topics	IP Technologies, Security Management

Did you find this white paper useful? 1 out of 5 users found this white paper useful

BT warns: It's not good to chalk

Warchalkers insisted that their activities are not harmful, and have strongly rejected the claim that gaining unauthorised access to a WLAN is theft. Nor does it prevent them from using their network in most cases they're not likely to notice.

Channel:
Security Strategy

Companies told 'do more to prevent ID theft'

Police say companies need to be more aware of the growing risk of corporate identity theft, following a recent spate of frauds that targeted customers of several high street banks. Nigel Miller, commerce and technology partner at law firm Fox...

Channel:
Law & Policy

Web users reject cookies

Lawmakers and consumer lobbies have been considering the impact of cookies, and network security company Netcraft on Monday pointed out the risks to personal information posed by the theft of cookies by attackers using cross-scripting flaws.

Channel:
Security Strategy

"Two-factor authentication won't stop ID theft"

It's not going to prevent identity theft," he wrote. People are selling two-factor authentication as the solution to our current identity-theft problems, but it was designed to solve the issues from 10 years ago.

Channel:
Security Strategy

RFID-chipped passports cross the pond

They employ a "multilayered approach" to protect privacy and reduce the possibility that passers by can skim data from the books, the agency said. The document will also employ a cryptographic technique called Basic Access Control, which means the...

Businesses tackle laptop theft data security risks

Businesses are using encryption, thin-client and other security technologies to tackle the increasing problem of laptop theft and the associated risk to corporate data. But Paul Hopkins, IT director at Newcastle University, said more needs to be...

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

IP Technologies White Papers

Essential PHP Security: Sessions and Cookies

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific