Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
H
H
hloya_ram2018-11-07 07:03:26
User identification
hloya_ram, 2018-11-07 07:03:26

Why is a randomly generated hash safer than a user's session ID?

Hello, I would like to clarify.
If an attacker steals the administrator session cookie, he will become an administrator himself.
Similarly, if an attacker steals a username and password.
Why then is it said that a random session hash is safer than a hash created based on, say, login+password_hash+sesure_string ?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2018-11-07
@hloya_ram

harder to steal than picking up a sesure_string and then sorting through typical password hashes

Similar questions
B
BMaks_N12019-02-26 00:36:59
How to arrange authorization in a React application? 2Reply
V
Vitaly2016-09-30 11:40:13
Zimbra - is it possible to authorize only from the local network for a group of users? 2Reply
N
n_smirnov2016-10-11 14:37:40
How to close the authorization window through classmates in IOS? 0Reply
S
SanchezBoy2014-10-23 21:04:19
What social networks give the rights to the user's e-mail? 1Reply
A
alexanderbondarchuk2014-10-24 10:23:13
Authorization in ASP.NET, access to a protected area. How right? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question