PHP
ds00lon, 2015-10-22 17:38:13

Can a cookie harm the site in any way?

  1. If the incoming cookie is not sent to MySQL and is not used in a database query, but is only used in the PHP code, can an attacker somehow harm the site?
  2. Can an attacker harm the site by sending cookies with names that are not used on the site and, accordingly, are not processed? (For example, the site only uses the login cookie, and the attacker also sends a1:adfksklf.)
  3. If an attacker substitutes his own value in PHPSESSID, for example, with what kind of code can that harm the site?

1 answer(s)
Aleksey Ratnikov, 2015-10-23
@ds00lon

Quote from the documentation:
So this setting is off by default. This means that if in this scenario you start getting several of these requests per second, each of which opens a new session, you will very quickly hit the limit on the number of open files (because session.save_handler defaults to files):
Read the PHP section on session security, there are many interesting things.
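
An added example, not part of the answer above: one way to keep requests with made-up PHPSESSID values from piling up session files. It assumes the setting the answer refers to is session.use_strict_mode (the page does not name it); `resume_session_if_authenticated()` and the `user_id` session key are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: the setting the answer means is
// session.use_strict_mode (off by default in PHP).
ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
ini_set('session.use_only_cookies', '1');  // never take the ID from the URL
ini_set('session.cookie_httponly', '1');   // keep the ID away from page scripts

/**
 * Resume a session only when the client presents a session cookie, and
 * delete it again if it carries no login state, so that requests with
 * arbitrary PHPSESSID values do not leave session files behind.
 * 'user_id' is a hypothetical key set by this site's login code.
 */
function resume_session_if_authenticated(): bool
{
    $name = session_name();                 // "PHPSESSID" by default
    $id = $_COOKIE[$name] ?? null;

    // No cookie, a non-string value (PHPSESSID[]=x arrives as an array),
    // or characters/lengths PHP never generates: do not open a session.
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
        return false;
    }

    session_start();
    if (empty($_SESSION['user_id'])) {
        // Unknown or empty session: remove its storage and expire the cookie.
        $_SESSION = [];
        session_destroy();
        setcookie($name, '', time() - 3600, '/');
        return false;
    }
    return true;
}

// Anonymous pages call this instead of session_start(). The login handler
// calls session_start() and session_regenerate_id(true) itself.
$loggedIn = resume_session_if_authenticated();
```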
