Comment Re:Shamless Plug (Score 1) 130
Guess what, there are no enforceable rules about what a client (i.e. browser) can or cannot do. If a session is hijackable, relying on the inability to run javascript is useless. The key is whether session IDs are random or not as you alluded to. There is indeed a random section in my sessionID, just not the entire thing.
I appreciate your suggestions, but you might want to be carefull how high you get on that horse assuming others have no clue what they're doing.
Your statements such as Under no circumstance should your site allow javascript to run and it is just likely to exist considering the possibility of running arbitrary javascript with zero effort have no basis in facts, they are merely attempts to allude to your incredible hacking skills. ;)
As I mentioned previously, I appreciate feedback, but please do not portray your suspicions about my site as facts.
I appreciate your suggestions, but you might want to be carefull how high you get on that horse assuming others have no clue what they're doing.
Your statements such as Under no circumstance should your site allow javascript to run and it is just likely to exist considering the possibility of running arbitrary javascript with zero effort have no basis in facts, they are merely attempts to allude to your incredible hacking skills.
As I mentioned previously, I appreciate feedback, but please do not portray your suspicions about my site as facts.
