Maybe it is safe against SQL injection, but right now I am researching impersonation attacks.
Quote: The most crucial piece of information for an attacker is the session identifier, because this is required for any impersonation attack. There are three common methods used to obtain a valid session identifier:
■Prediction
■Capture
■Fixation
http://phpsec.org/projects/guide/4.html What do you all think? Is our colleague's login secure?
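
Added example (not part of the original post or of the phpsec.org guide): session handling for a PHP login that applies one control per method named in the quote. The function names are hypothetical, and PHP 7.3 or later served over HTTPS is assumed.

```php
<?php
// Added example: function names are hypothetical; assumes PHP >= 7.3 over HTTPS.

function start_hardened_session(): void
{
    // Prediction: leave identifier generation to PHP's session module
    // (CSPRNG-backed since PHP 7.1); never derive it from user data.

    // Capture: the identifier travels only in a cookie, never in a URL.
    ini_set('session.use_only_cookies', '1');
    // Fixation: reject identifiers that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // Capture: never sent over plain HTTP
        'httponly' => true,   // Capture: not readable from JavaScript
        'samesite' => 'Lax',  // not attached to cross-site subrequests
    ]);
    session_start();
}

function on_login_success(int $userId): void
{
    // Fixation: issue a fresh identifier at the privilege change and
    // delete the data stored under the old one.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['login_time'] = time();
}

function on_logout(): void
{
    // Clear server-side data, expire the cookie, then destroy the session
    // so the old identifier cannot be replayed.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```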