Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Privacy

+ - Google App Engine open to session jacking ->

Submitted by mask.of.sanity
mask.of.sanity (1228908) writes "A still-active flaw has been discovered in Google Apps Engine that allows user sessions to be hijacked.

The researcher who discovered the flaw used the Cookie Cadger tool to hijack a session over an unprotected wireless network and was granted full admin access to the user's database.

The specific conditions under which the flaw exists were not revealed. It was a flaw only because Google forces its Apps Engine users onto encrypted HTTPS which prevents this type of interception."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Google App Engine open to session jacking

Comments Filter:

In Nature there are neither rewards nor punishments, there are consequences. -- R.G. Ingersoll

Working...