```php
<?php
/**
 * Starts a PHP session and dumps a random number
 */
session_start();
// do some stuff...
$password = mt_rand();
$otherRandomToken = rand();
$nettePass = Nette\Utils\Strings::random();
// Question 1: which of these is/are random?
// Question 2: which of these is/are unpredictable by an attacker?
// Answer 1: all three
// Answer 2: none; all can be recovered from the sessionId alone, precisely (i.e. the attacker won't even have to try several possibilities)
```
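The gap between the two answers (statistically random, yet not unpredictable) comes from these generators being deterministic functions of their internal state. The following is an added example, not part of the original paste: it shows that determinism with a constructed seed and then the same kind of secrets drawn from PHP's CSPRNG instead. It assumes PHP 7.0 or later; `secureToken()` and `securePassword()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// mt_rand() output is fully determined by the generator state:
// reseeding with the same value replays the same sequence.
mt_srand(12345); // constructed seed, for illustration only
$first = [mt_rand(), mt_rand(), mt_rand()];
mt_srand(12345);
$replayed = [mt_rand(), mt_rand(), mt_rand()];
var_dump($first === $replayed);

/**
 * Hypothetical helper: hex-encoded token taken from the OS CSPRNG.
 * random_bytes() throws if no secure source is available, so a
 * failure is never silently replaced by a weaker generator.
 */
function secureToken(int $bytes = 32): string
{
    if ($bytes < 16) {
        throw new InvalidArgumentException('Use at least 16 bytes (128 bits).');
    }
    return bin2hex(random_bytes($bytes));
}

/**
 * Hypothetical helper: password over a given alphabet.
 * random_int() returns uniformly distributed integers, so there is
 * no modulo bias even when the alphabet size is not a power of two.
 */
function securePassword(int $length = 20, string $alphabet =
    'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'): string
{
    $max = strlen($alphabet) - 1;
    if ($length < 1 || $max < 1) {
        throw new InvalidArgumentException('Need length >= 1 and at least 2 symbols.');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

session_start();
$password = securePassword();      // replaces mt_rand()
$otherRandomToken = secureToken(); // replaces rand()
```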