Yes, snooping the network and picking up the session ID is possible. There
are many ways to avoid this risk:
1. Use SSL
2. Use a challenge-response mechanism
3. Tie the session ID with the user agent/cookie so that even if someone
steals it, it won't work on his machine
- kalyan
On Sun, 3 Aug 2003, Hemant wrote:
> Hi ,
> I dunno if this was the right forum to post these
> questions.
>
> But here goes...
> In a web-based application, let's say a client browser
> has logged in (using UserName and password) to a
> server application. So let's say the web server has
> assigned a sessionId to the client browser. Now, are
> there any programs (malicious ones) which snoop on
> connections between a client and server to look for
> such sessionId and use that to break into systems? Can
> this please be answered with some explanation.
>
> Can anyone please suggest some links of where I can
> find related info.
>
> Thanx,
> -hemant
>
> ---------------------------------------
> This is the Students IPv6 mailing List.
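
Item 3 of the reply above, sketched as an added example (not code from either poster): the server issues the session ID together with an HMAC tag computed over the ID and a hash of the client's User-Agent, so a token replayed from a different client fails verification. The key, function names and cookie name `sid` are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-process key for the example; a real server loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)


def _fingerprint(user_agent: str) -> bytes:
    """Hash of the client attribute the session is tied to (here: User-Agent)."""
    return hashlib.sha256(user_agent.encode("utf-8")).digest()


def _tag(session_id: str, user_agent: str) -> str:
    """HMAC-SHA256 over session_id || fingerprint, hex encoded."""
    msg = session_id.encode("utf-8") + _fingerprint(user_agent)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_session(user_agent: str) -> str:
    """Return 'session_id.tag' for a client that has just logged in."""
    session_id = secrets.token_urlsafe(32)  # base64url alphabet, never contains '.'
    return f"{session_id}.{_tag(session_id, user_agent)}"


def verify_session(token: str, user_agent: str) -> bool:
    """Accept the token only if it is untampered and was issued for this User-Agent."""
    session_id, sep, tag = token.rpartition(".")
    if not sep or not session_id:
        return False  # malformed token: no separator or empty ID
    expected = _tag(session_id, user_agent)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8"))


def session_cookie_header(token: str) -> str:
    """Set-Cookie line: Secure keeps the cookie off plain HTTP (item 1, SSL)."""
    return f"Set-Cookie: sid={token}; Secure; HttpOnly; SameSite=Strict; Path=/"


if __name__ == "__main__":
    ua = "ExampleBrowser/1.0 (constructed)"  # constructed sample User-Agent
    tok = issue_session(ua)
    print(session_cookie_header(tok))
    print("same client:", verify_session(tok, ua))
    print("other client:", verify_session(tok, "OtherBrowser/2.0 (constructed)"))
```

On a plain-HTTP connection the User-Agent header travels alongside the cookie, so this binding complements item 1 (SSL) rather than replacing it.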