Skip to Content
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
book

Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

by Chris Snyder, Michael Southwell, Thomas Myer
December 2010
Intermediate to advanced
363 pages
12h 21m
English
Apress
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

Preventing Session Abuse

We offer now a variety of recommendations for preventing session abuse, ranging from the complex but absolutely effective, to the easy but only mildly effective.

Use Secure Sockets Layer

Our primary recommendation for preventing session abuse is this: if a connection is worth protecting with a password, then it is worth protecting with SSL or TLS (which we'll discuss in Chapter 16). SSL provides the following protection:

  • By encrypting the value of the session cookie as it passes back and forth from client to server, SSL keeps the session ID out of the hands of anyone listening in at any network hop between client and server and back again.
  • By positively authenticating the server with a trusted signature, SSL can prevent ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Essential PHP Security

Essential PHP Security

Chris Shiflett
Securing PHP Apps
Preventing Web Attacks with Apache
What's New in Apache Web Server 2.2?

Publisher Resources

ISBN: 9781430233183Purchase book