Matthew
Matthew

Reputation: 4617

Packet Sniffing and Sessions

Let us say that I have a website and that I created a session containing an encryption key. Can a packet sniffer such as Fiddler be able to get the contents of this session, thus compromising the website's security?

Upvotes: 1

Views: 251

Answers (1)

nmat
nmat

Reputation: 7591

No because the key never goes through the network between server and browser. Session variables are stored in memory in the server machine. The attacker can only read the key if he gains access to the machine or if he can read from the machine's memory

Upvotes: 2

Related Questions