session key problem
Posted: Wed Jan 18, 2006 10:14 am
Hi all. Thanks to everyone who replied to my last post.
I use SSL for my web site transactions. I'm worried that there may be a hacker on the network with a sniffer program capturing packets sent to and from my clients. The packet and the session key are encrypted, and I guarantee that he cannot read anything from the packet, but... what if he captured the encrypted session key and used it to intercept the client's session?
Is there any solution other than using client certificates? I check the client IP address in my sessions, but this is not enough because the hacker might use the same IP addresses in the packet (IP spoofing).
Thanks in advance.