security breach in relation to forged cookies
should do away with cookies for current-authentication and force a re-authentication every logon and do IP related filtering in conjunction with username and password and go back to .com and .co.uk domains .. for example a Chinese IP would have no business trying to access a .co.uk domain then should automatically be blocked without added authentication i.e a SMS message to the account holder .. its all about the "layers" of security ... do i have to do all thinking for yahoo or what ? lol
234th
ranked
stuart
shared this idea