Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
H
H
hloya_ram2018-11-07 07:03:26
User identification
hloya_ram, 2018-11-07 07:03:26

Why is a randomly generated hash safer than a user's session ID?

Hello, I would like to clarify.
If an attacker steals the administrator session cookie, he will become an administrator himself.
Similarly, if an attacker steals a username and password.
Why then is it said that a random session hash is safer than a hash created based on, say, login+password_hash+sesure_string ?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2018-11-07
@hloya_ram

harder to steal than picking up a sesure_string and then sorting through typical password hashes

Similar questions
A
Alex Wells2016-04-17 17:37:29
JWT Auth + Social? 2Reply
H
hckn2018-09-15 18:42:14
Do you want to delete the session or its parameter on logout? 0Reply
V
ViktorGuerro2018-09-15 23:39:42
How to make access to the site through authorization? 2Reply
M
Maxim Malikov2016-04-19 11:54:34
What should be the url for REST authentication? 1Reply
A
Alex Goncharov2018-09-16 17:59:03
How to prohibit parallel (simultaneous) use of one account by different users? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question