Re: [WebDNA] Secure Cookies
This WebDNA talk-list message is from 2009
It keeps the original formatting.
It can be easy depending on countermeasures in place.

http://en.wikipedia.org/wiki/Session_hijacking

One super easy way is to store user credentials in the cookie. For example, if after logging in as "bill" to a web site, a cookie with the user name "bill" is stored on the client so that the server remembers me as "bill" on subsequent requests, the client could read the cookie and change the credential to "jim." This problem is not solved by the use of SSL but by not storing user credentials in the cookie in such a manner that they can be easily modified.

For this reason, it is highly recommended to encrypt data in the cookie.

Bill

On Sun, Oct 25, 2009 at 9:10 PM, Terry Wilson wrote:
> How does hijacking work, and is it an easy thing to do?
Associated Messages, from the most recent to the oldest:
William DeVaul
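
The cookie edit described in the message above, as an added example in Python (not part of the original post and not WebDNA code): the server first trusts a bare user name, then accepts the name only when it carries a valid HMAC-SHA256 tag. The tag is integrity protection, swapped in here for the encryption the message recommends; the function names and the `name.tag` cookie layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real deployment loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def naive_issue(username: str) -> str:
    """Weak form from the message: the cookie is just the user name."""
    return username


def naive_read(cookie: str) -> str:
    """The server believes whatever name the client sends back."""
    return cookie


def _tag(username: str, key: bytes) -> bytes:
    return hmac.new(key, username.encode("utf-8"), hashlib.sha256).hexdigest().encode()


def signed_issue(username: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: user name plus a MAC only the server can compute."""
    return f"{username}.{_tag(username, key).decode()}"


def signed_read(cookie: str, key: bytes = SERVER_KEY):
    """Return the user name if the tag verifies, otherwise None."""
    username, sep, tag = cookie.rpartition(".")
    if not sep or not username:
        return None
    # Constant-time comparison avoids leaking how much of the tag matched.
    if hmac.compare_digest(tag.encode("utf-8"), _tag(username, key)):
        return username
    return None


def swap_name(cookie: str, new_name: str) -> str:
    """The client-side edit from the message: replace the name, keep the rest."""
    _, sep, rest = cookie.partition(".")
    return new_name + sep + rest


if __name__ == "__main__":
    print(naive_read(swap_name(naive_issue("bill"), "jim")))    # jim
    print(signed_read(swap_name(signed_issue("bill"), "jim")))  # None
    print(signed_read(signed_issue("bill")))                    # bill
```

The tag detects modification only: the user name stays readable in the cookie, and an unmodified cookie copied from another client still verifies.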