the problem is that between cookies and network speed, it's 'virtually'
impossible. based on the type of ID you use.
you may opt for a UUID/GUID or a 128bit HASH... so that odds to catch the
same idgive you best odds.
see it this way,
how many chances are there for someone to to brute force attack on an ftp
server ???
even locally on a localhost, almost none, unless the password is ovious.
let me give you an example, it's a piece of cake to crack windows passwords
locally because the time it takes to validate a password is infinitesimal.
(ever heard of l0pht?)
but over the lan, even gigabit... odds are against hackers....
normally hackers dont go throught the front door, they let you stuggle to
barricade the front door, and they surprise you with ease from the back
entrance.
"Jim M" <an********@discussions.microsoft.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
I am curious. If I save an id that points to a users information in a
cookie, is it possible for a hacker to create a tool to set a million
different cookies on his local machine and hit my site until a cookie
value works?
Thanks in advance. If there is a better newsgroup, let me know.
Jim