
Comment Re:Seriously, what the fuck! (Score 1) 371

Hashing the account number (and other info) into an identifier in that cookie, then using that as the session ID, and only allowing access to that one account from that port until another session was authenticated on it, would be more proper.

I don't see why you are coupling the session of the user with the account on the client side. The id of the cookie is arbitrary to the extent that it is unique, and the server will have a lookup of what cookie is with what account. It seems as if with the above approach, subsequent programmers could be misled into thinking there is some trust associated with the cookie identifier and enable some reverse lookup backdoor functionality.
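The two designs discussed in this comment, side by side, as an added example that is not part of the original comment. It assumes the quoted proposal reduces to an unsalted SHA-256 of the account number; `SessionStore`, `reverse_lookup`, `compare` and the account numbers are hypothetical names and constructed values.

```python
import hashlib
import secrets

def derived_session_id(account_number):
    # Quoted proposal, simplified (assumption): ID is a hash of account data.
    return hashlib.sha256(account_number.encode()).hexdigest()

def reverse_lookup(session_id, account_numbers):
    # A derived ID is a pure function of the account, so it maps back to it.
    for acct in account_numbers:
        if derived_session_id(acct) == session_id:
            return acct
    return None

class SessionStore:
    """Reply's design: arbitrary unique ID, meaning held only server-side."""
    def __init__(self):
        self._sessions = {}

    def create(self, account_number):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = account_number
        return sid

    def account_for(self, sid):
        return self._sessions.get(sid)  # unknown or revoked IDs give None

    def revoke(self, sid):
        self._sessions.pop(sid, None)

def compare(account_number="ACCT-0001"):  # constructed sample account
    accounts = ["ACCT-0001", "ACCT-0002"]  # constructed
    d1, d2 = derived_session_id(account_number), derived_session_id(account_number)
    store = SessionStore()
    o1, o2 = store.create(account_number), store.create(account_number)
    store.revoke(o1)  # log out the first session only
    return {
        "derived_repeats": d1 == d2,
        "derived_reversible": reverse_lookup(d1, accounts),
        "opaque_repeats": o1 == o2,
        "opaque_reversible": reverse_lookup(o1, accounts),
        "revoked_resolves": store.account_for(o1),
        "live_resolves": store.account_for(o2),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

The derived ID is identical on every login and cannot be revoked per session, while the opaque ID carries no account information and stops resolving as soon as the server deletes its entry.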

Submission + - Ask Slashdot: Uses For A Small Office Server

ragnvaldr writes: "I'm the "IT guy" for an office of about a dozen people. And when I say IT guy, I mean I'm the only one here who can use Google well enough to figure out how to make things work. We have a 500GB Mac server with a Drobo with 6TB of storage attached. So far all this server does is back up data, and I want to make it a little more useful. We also have a FileMaker server on it, which I have yet to learn how to use at all, let alone efficiently. Any suggestions to make this machine a little more useful?"
