Re: [RFC] Secure Session Module Options by Default

From:	Lester Caine	Date:	Mon, 03 Feb 2014 11:02:09 +0000
Subject:	Re: [RFC] Secure Session Module Options by Default
References:	1 2 3 4 5 6 7 8 9	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Yasuo Ohgaki wrote:
I see some users are generating unsafe session ID. Purpose of change is
not to generate insecure ID when user want some prefix in session ID.

What's "insecure session ID" and how it is related to the matter we are
discussing?

If there is not a easy way to create secure session ID (Currently, we
don't), users may generate session ID by their own which may be insecure.

Simple question ... does it actually matter?
If a session id is simply used for navigating a visit to a site then as long as it works it's fine? If *I* am working with a secure site then I have another level of security via a VPN connection. As an intermediate for secure financial transactions, it's the service providers who dictate the security used?
Again we seem to be targeting things which are under rules which may be dictated by third party requirements, and third party tools such as ssh?

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk


   

Thread (30 messages)

• Yasuo OhgakiSat, 01 Feb 2014 22:33:37 +0000
  • Stas MalyshevSat, 01 Feb 2014 22:52:56 +0000
    • Yasuo OhgakiSat, 01 Feb 2014 23:59:59 +0000
      • Yasuo OhgakiSun, 02 Feb 2014 00:06:54 +0000
      • Stas MalyshevSun, 02 Feb 2014 07:14:04 +0000
        • Yasuo OhgakiSun, 02 Feb 2014 09:50:17 +0000
          • Yasuo OhgakiSun, 02 Feb 2014 09:51:51 +0000
          • Stas MalyshevSun, 02 Feb 2014 10:25:50 +0000
            • Yasuo OhgakiMon, 03 Feb 2014 02:08:28 +0000
              • Stas MalyshevMon, 03 Feb 2014 08:23:22 +0000
                • Yasuo OhgakiMon, 03 Feb 2014 10:35:26 +0000
                  • Pierre JoyeMon, 03 Feb 2014 10:43:22 +0000
                    • Yasuo OhgakiMon, 03 Feb 2014 10:47:59 +0000
                  • Lester CaineMon, 03 Feb 2014 11:02:09 +0000
  • Yasuo OhgakiSun, 02 Feb 2014 06:50:03 +0000Re: [RFC] Secure Session Module Options by Default
  • Yasuo OhgakiThu, 06 Feb 2014 06:15:11 +0000Re: [RFC] Secure Session Module Options by Default
    • Yasuo OhgakiThu, 06 Feb 2014 06:26:10 +0000
• Andrey AndreevMon, 03 Feb 2014 07:31:28 +0000Re: [RFC] Secure Session Module Options by Default
  • Yasuo OhgakiMon, 03 Feb 2014 10:18:46 +0000
    • Andrey AndreevMon, 03 Feb 2014 10:54:01 +0000
      • Yasuo OhgakiMon, 03 Feb 2014 21:48:17 +0000
        • Andrey AndreevMon, 03 Feb 2014 22:29:52 +0000
          • Yasuo OhgakiMon, 03 Feb 2014 23:05:06 +0000
            • Andrey AndreevTue, 04 Feb 2014 12:59:33 +0000
              • Yasuo OhgakiWed, 05 Feb 2014 00:13:42 +0000
                • Andrey AndreevWed, 05 Feb 2014 20:00:52 +0000
                  • Yasuo OhgakiWed, 05 Feb 2014 21:58:44 +0000
                    • Andrey AndreevThu, 03 Apr 2014 09:31:58 +0000
                      • Yasuo OhgakiFri, 04 Apr 2014 09:14:07 +0000
                        • Yasuo OhgakiMon, 12 May 2014 08:13:33 +0000