Re: Re: Session handling security

Is this dangerous enough to warrent the speed hit of checking name and pass every time on a site where security is not key (ie I don't use https)?

Thanks,
 	Max

Comment on Re: Re: Session handling security

Replies are listed 'Best First'.
Re: Re: Re: Session handling security by waswas-fng (Curate) on Aug 20, 2002 at 21:17 UTC
Are you providing the sessions or are you using a 3rd party product or are you using perl modules to do it? It really depends why the site is password protected to begin with. If you have no need for security but just have logins to change the look and feel of a site then I would say no. If you have parts of the site that contain personal information or information that is _private_ then I would say it might make sense to deal with the overhead of doing so. The devil is in the details -- what makes sense for one site may not make any for the next. -Waswas	[reply]

Replies are listed 'Best First'.

Re: Re: Re: Session handling security
by waswas-fng (Curate) on Aug 20, 2002 at 21:17 UTC