[sync] session ids
Chuck Hagenbuch
chuck at horde.org
Mon Dec 22 20:29:52 PST 2003
Quoting Anthony Mills <amills at gascard.net>:
> Does anyone think this will causes any problems?
>
> session_id('syncml_' . $sourceRef . '_' . $locName . '_' . $targetRef);
>
> $sourceRef, $locName, $targetRef are sent by the SyncML client, and this
> combination should be unique. I know this is not secure, but the only
> other choice I can think of is to have a mapping, in which case it is
> insecure anyway. If we are truely paranoid, we could use the value
> returned by the password field, if it exists.
I don't feel like I know enough about what's provided during the syncml session.
What do other implementations use for tracking this?
-chuck
--
Charles Hagenbuch, <chuck at horde.org>
"I'm really... I'm not too fascinated by green food." - Average Joe
More information about the sync
mailing list