会话固定攻击就是将客户端的会话id强制设置为一个明确的已知值。
A session fixation attack is designed to force the session ID of a client to an explicit, known value.
Tomcat 7还针对会话固定攻击(sessionfixation attack)采取了一些防御措施。
Preventative measures have also been taken to protect against session fixation attacks.
Jacob对其中的一些弱点给出了示例,像跨站点脚本攻击(XSS)、跨站点伪造请求(CSRF)、HTTP响应分割、会话固定攻击以及SQL注入攻击等等。
Jacob gave examples of some of the vulnerabilities like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), HTTP Response Splitting, Session Fixation, and SQL Injection.
Jacob对其中的一些弱点给出了示例,像跨站点脚本攻击(XSS)、跨站点伪造请求(CSRF)、HTTP响应分割、会话固定攻击以及SQL注入攻击等等。
Jacob gave examples of some of the vulnerabilities like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), HTTP Response Splitting, Session Fixation, and SQL Injection.
应用推荐