Re: Help me finish Protector documentation :)
1) 'session.use_trans_sid': on
[WHAT IS THIS AND HOW TO FIX IT?]
You may fix it in .htaccess
php_flag session.use_trans_sid off
2) [RELIABLE IPs DON'T GET BANNED?]
No. A reliable IP won't be banned.
3) Protected IP bits for the session
[NOT SURE HOW THIS WORKS - CLOSES YOUR SESSION IF YOUR IP CHANGES?]
Some clients change their IP within some range.
e.g.
192.168.1.3 - 1st access
192.168.1.203 - 2nd access
192.168.1.112 - 3rd access
All accesses should store the session.
In this case, 24bit is useful.
- 24bit protection
- A cracker knows the session_id
- access from 192.168.2.3 with the session_id
This session hijack never occurs.
I think 16bit is a balanced value between IP round-range and cracker attacking possibility.
4) Force intval to variables like id
[ANYONE KNOW WHAT MODULES? I'VE NEVER HAD A PROBLEM WITH THIS]
Older weblog has the problem.
But the author tohokuaiki had already fixed it.
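
The prefix comparison described under point 3, as an added example that is not part of the original post and not Protector's own code. The function name same_ip_prefix and the 10.0.0.5 address are made up for illustration; it assumes IPv4 addresses and 64-bit PHP.

```php
<?php
// Added example, not Protector's code. Assumes IPv4 and 64-bit PHP.

// True when both addresses share the same leading $bits bits.
function same_ip_prefix(string $stored, string $current, int $bits): bool
{
    $a = ip2long($stored);
    $b = ip2long($current);
    if ($a === false || $b === false) {
        return false; // unparsable address: treat as a mismatch
    }
    $bits = max(0, min(32, $bits));
    if ($bits === 0) {
        return true; // 0 bits protected: the IP is not checked at all
    }
    // Keep only the top $bits bits of each 32-bit address.
    $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ($a & $mask) === ($b & $mask);
}

// Address recorded at the first access (taken from the post).
$sessionIp = '192.168.1.3';

// Later requests carrying the same session_id.
// The first three are from the post; 10.0.0.5 is constructed.
$requests = ['192.168.1.203', '192.168.1.112', '192.168.2.3', '10.0.0.5'];

foreach ([24, 16] as $bits) {
    foreach ($requests as $ip) {
        $verdict = same_ip_prefix($sessionIp, $ip, $bits) ? 'keep session' : 'reject';
        printf("%2d bits  %-15s %s\n", $bits, $ip, $verdict);
    }
}
```

With 24 bits the request from 192.168.2.3 is rejected; with 16 bits it is accepted, which is the trade-off between tolerating clients whose IP moves and narrowing the range a stolen session_id can be replayed from.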