
Security

Session Specific Attacks

Through the use of sessions your identity is maintained as you use a website and, just as in real life, identity theft is a concern. By taking over your session, an attacker would essentially become you on a website, with access to all of the actions, information and privileges that entails.

The main thing that an attacker needs to steal a session is the session ID. There are three ways an attacker normally goes about doing this, all of which can be protected against but are, by default, completely open.

  • Guess the ID: most session handlers generate IDs that make this impractical.
  • Steal the ID: by using malware, sniffing the network, or exploiting JavaScript vulnerabilities, attackers can get the value from the cookie itself.
  • Set the ID: rather than steal or guess the ID, an attacker may try to set it to a value they choose.


PHP session blocking and concurrent requests (AJAX)


Laravel supports multiple implementations through multiple drivers:

  • file - sessions are stored in storage/framework/sessions. This is the default.
  • cookie - sessions are stored in secure, encrypted cookies.
  • database - sessions are stored in a database used by your application.
  • memcached / redis - sessions are stored in one of these fast, cache-based stores.
