Preventative measures have also been taken to protect against session fixation attacks.
Tomcat 7 has also taken some defensive measures against session fixation attacks.
A session fixation attack is designed to force the session ID of a client to an explicit, known value.
A session fixation attack forces the client's session ID to an explicit, already-known value.
Authenticating a user at the server without first invalidating existing sessions can lead to what is termed session fixation.
Authenticating a user on the server without first invalidating the existing session can lead to what is called session fixation.
Session fixation allows intruders to intercept authenticated sessions or to create new sessions and to capture the session identifier.
Session fixation allows an intruder to intercept an authenticated session, or to create a new session and capture its session identifier.
Jacob gave examples of some of the vulnerabilities like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), HTTP Response Splitting, Session Fixation, and SQL Injection.
Jacob gave examples of some of these weaknesses, such as cross-site scripting (XSS), cross-site request forgery (CSRF), HTTP response splitting, session fixation, and SQL injection.
Does regenerating a session ID help prevent fixation, hijacking or both?