Privacy

Submission: Google App Engine open to session jacking (scmagazine.com.au)

mask.of.sanity writes: A still-active flaw has been discovered in Google App Engine that allows user sessions to be hijacked.

The researcher who discovered the flaw used the Cookie Cadger tool to hijack a session over an unprotected wireless network and was granted full admin access to the user's database.

The specific conditions under which the flaw exists were not revealed. It was a flaw only because Google forces its App Engine users onto encrypted HTTPS, which prevents this type of interception.
