Re: [WebDNA] Secure Cookies

This WebDNA talk-list message is from 2009. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  23. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  24. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  27. Re: [WebDNA] Secure Cookies (Govinda 2009)
  28. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  29. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  30. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  31. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  32. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  33. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  34. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  35. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  36. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  37. [WebDNA] Secure Cookies (Stuart Tremain 2009)
It can be easy depending on countermeasures in place.

http://en.wikipedia.org/wiki/Session_hijacking

One super easy way is to store user credentials in the cookie. For example, if after logging in as "bill" to a web site, a cookie with the user name "bill" is stored on the client so that the server remembers me as "bill" on subsequent requests, the client could read the cookie and change the credential to "jim."

This problem is not solved by the use of SSL but by not storing user credentials in the cookie in such a manner that they can be easily modified. For this reason, it is highly recommended to encrypt data in the cookie.

Bill

On Sun, Oct 25, 2009 at 9:10 PM, Terry Wilson wrote:
> How does hijacking work, and is it an easy thing to do?

William DeVaul
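Added example, not part of the original message and not WebDNA code: the "bill" to "jim" edit described above, first against a cookie that holds the bare user name, then against one the client cannot modify unnoticed. It uses an HMAC tag from the Python standard library as a swapped-in technique in place of encryption; the function names and `SERVER_KEY` are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

# Hypothetical server-side key; it is never sent to the client.
SERVER_KEY = secrets.token_bytes(32)


def naive_issue(username):
    """The pattern from the message: the cookie value is the identity."""
    return f"user={username}"


def naive_read(cookie):
    """Trusts whatever the client sends back."""
    return cookie.split("=", 1)[1]


def make_tag(payload, key):
    """HMAC-SHA256 over the encoded payload, as URL-safe base64 text."""
    digest = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()


def signed_issue(username, key=SERVER_KEY):
    """Cookie value is '<base64 username>.<tag>'."""
    payload = base64.urlsafe_b64encode(username.encode()).decode()
    return f"{payload}.{make_tag(payload, key)}"


def signed_read(cookie, key=SERVER_KEY):
    """Return the username, or None if the value is malformed or altered."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None
    expected = make_tag(payload, key)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return base64.urlsafe_b64decode(payload).decode()


if __name__ == "__main__":
    # Constructed sample: the client edits "bill" to "jim" in both cookies.
    print(naive_read(naive_issue("bill").replace("bill", "jim")))
    good = signed_issue("bill")
    forged = base64.urlsafe_b64encode(b"jim").decode() + "." + good.split(".")[1]
    print(signed_read(good), signed_read(forged))
```

The tag stops the client from editing the value; it does not stop a copied cookie from being replayed, which is what TLS and the Secure and HttpOnly cookie flags address.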
