Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Correct Session Authentication

from [Santiago Rocandio] Network Security [Permanent Link]
Subject: Re: Correct Session Authentication
Date: Sat, 29 Jul 2006 15:22:34 -0300
"Every page that a user needs to be authenticated to see checks to see that the user id stored in the session is greater than 0, if not the user is classed as not authorised as 0 is not a valid user id."

If your application use user rights levels, don't forget to check that in every .php page too. Becouse if you only check that session is grater than 0, an authenticated user with right level 1 can get a url that only a user with right level 2 should see.

Santiago. ___/\/\/\/\/\/\/\/\/\/\(°°)

PD: take a look of... http://www.owasp.org

xbennx@hotmail.co.uk wrote: 
I've been developing a shopping cart for my friends company and have just 
started using sessions to authenticate people. After reading many tutorials on 
the internet about sessions and PHP I coded a login page. I keep hearing about 
session id's but all the tutorials I read didn't mention them.

When a user logs on, the username and password are sent via SSL and the md5 
hash is then checked against a hash stored in database. If the credentials are 
found in the database, the users id is return and stored in a session. If the 
credentials are not found this session value is 0. Every page that a user needs 
to be authenticated to see checks to see that the user id stored in the session 
is greater than 0, if not the user is classed as not authorised as 0 is not a 
valid user id.

Is this method secure or can it be easily bypassed? 

Another thing I was wondering is where are sessions values actually stored? 
I've read that they're stored in cookies but I always thought there was a 
seperate function in php to create cookies?

Sorry this is so long, any help will be much appreciated.

Thanks

-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan 6.5 is now available! New features for Web Services Testing, Advanced Automated Capabilities for Penetration Testers, PCI Compliance Reporting, Token Analysis, Authentication testing, Automated JavaScript execution and much more. Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc
-------------------------------------------------------------------------




-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan 6.5 is now available! New features for Web Services Testing, Advanced Automated Capabilities for Penetration Testers, PCI Compliance Reporting, Token Analysis, Authentication testing, Automated JavaScript execution and much more. Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc
-------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Correct Session Authentication, Balazs Attila-Mihaly (Cd-MaN)
Next by Date:  Re: Correct Session Authentication, Dean H. Saxe
Previous by Thread:  Re: Correct Session Authentication, Dean H. Saxe
Indexes:  [Date] [Thread] [Top] [All Lists]