
Re: Let's talk about HTTPS Everywhere



On Thu, 20 Jan 2011 03:36:03 -0600
Dave Sherohman <dave@sherohman.org> wrote:

...

> Some sites do associate the originating IP address with the session data
> to help protect against session hijacking, but this is not overly
> widespread and, even when it is employed, it has issues with proxies
> (which can cause multiple users to appear on a single address) or
> reverse proxies (which can cause a single user to appear on multiple
> addresses), so https really is the only surefire way to prevent it.

And it also won't help against an attacker who can use your IP address,
such as a MITM attacker from the local network segment.

Celejar
-- 
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
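
The IP-binding check discussed in this thread, sketched as an added example (not part of the original messages, nor any particular site's code). The SessionStore class, the user name and the RFC 5737 documentation addresses are constructed for illustration; the scenarios show which requests the check rejects and which it cannot tell apart.

```python
import secrets


class SessionStore:
    """Hypothetical server-side session table that records the login IP."""

    def __init__(self, bind_ip=True):
        self.bind_ip = bind_ip
        self._sessions = {}  # token -> (user, ip_at_login)

    def login(self, user, client_ip):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, client_ip)
        return token

    def authenticate(self, token, client_ip):
        """Return the user for a presented token, or None if rejected."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, ip_at_login = entry
        # The binding: the request must come from the address seen at login.
        if self.bind_ip and client_ip != ip_at_login:
            return None
        return user


def run_scenarios():
    """Present one session token from several constructed source addresses."""
    store = SessionStore(bind_ip=True)
    token = store.login("alice", "192.0.2.10")
    return {
        # Token replayed from an unrelated address: the binding rejects it.
        "replayed_from_other_ip": store.authenticate(token, "203.0.113.50"),
        # Token replayed from the same source address (another user behind
        # the same proxy, or a local-segment MITM using the victim's
        # address): the server sees an identical (token, IP) pair.
        "replayed_from_same_ip": store.authenticate(token, "192.0.2.10"),
        # The legitimate user's next request arrives from a different
        # address (multiple proxy addresses): she is locked out.
        "owner_from_new_ip": store.authenticate(token, "192.0.2.11"),
    }


if __name__ == "__main__":
    for name, user in run_scenarios().items():
        print(f"{name}: {'accepted as ' + user if user else 'rejected'}")
```

Only the first case is stopped; the second is indistinguishable from the owner at the server, which is why the token itself has to be kept off the wire in cleartext.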

