Is it possible for a hacker to find the value of a session variable on my server? [closed]


Question:

Is it possible for someone (hacker) to somehow get a hold of the value of a session variable that is active?


In the normal course of events, the only information about a session available to the client is the session ID.

For data stored on the server (even if it is connected to the session ID) to be visible to the client, you need either:

  • To expose it explicitly
  • To have a security vulnerability
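The separation described in the answer, as an added example that is not part of the original answer: a minimal in-memory session store in Python (the page names no language or framework), with one handler that exposes a session value on purpose, one that dumps the whole session, and a defender's check that reports which session values reach the client. All function names, field names and sample values are hypothetical.

```python
import secrets

# Server-side store: session ID -> session variables. Hypothetical in-memory
# stand-in for whatever a real framework keeps on disk or in a cache.
SESSIONS = {}

def login(username):
    """Create a session; return the ID and the headers the client receives."""
    sid = secrets.token_urlsafe(32)  # unguessable ID is all the client gets
    SESSIONS[sid] = {
        "user": username,
        "role": "billing-admin",              # constructed sample value
        "csrf_secret": secrets.token_hex(16),
    }
    return sid, {"Set-Cookie": f"sid={sid}; HttpOnly; Secure; SameSite=Lax"}

def profile_page(sid):
    """Ordinary handler: deliberately shows one session value (the user name)."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "Not logged in"
    return 200, f"Welcome back, {session['user']}"

def debug_page(sid):
    """Explicit exposure: a leftover debug handler dumping the whole session."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "Not logged in"
    return 200, f"debug: {session}"

def leaked_values(sid, response_text):
    """Defender's check: session keys whose values appear in a response."""
    session = SESSIONS.get(sid, {})
    return sorted(k for k, v in session.items() if str(v) in response_text)

if __name__ == "__main__":
    sid, headers = login("alice")
    print("cookie leaks:", leaked_values(sid, headers["Set-Cookie"]))
    print("profile leaks:", leaked_values(sid, profile_page(sid)[1]))
    print("debug leaks:", leaked_values(sid, debug_page(sid)[1]))
```

A check like `leaked_values` fits in an integration test that replays responses and fails when a session value that should stay server-side shows up in one.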