Security and Cryptography
 
  #1  
Old April 1st, 2005, 04:09 PM
shaharpan shaharpan is offline
Cookie - Security issues

Hey !!

What does a cookie actually contain?

What information can we get from cookies?

List potential vulnerabilities that exist for the client if this cookie data were transmitted in plain text.

List potential vulnerabilities that exist for a server if a client were allowed to modify the contents of the local cookie file and it were transmitted to the server.

Let me know

Thanks

  #2  
Old April 2nd, 2005, 05:11 AM
M.Hirsch M.Hirsch is offline
Official documentation from Netscape about cookies


> What does cookie actually contain.
Whatever you put in there. Arbitrary data, around 1-4 kb max.
Additionally: a time when it becomes invalid, a URL and an "ssl" flag.

> What information can we get from cookies.
See above

> List potential vulnerabilities that exist for the client if this cookie data were transmitted in plain text.
No more and no fewer vulnerabilities than transmitting anything else unencrypted.

> List potential vulnerabilities that exist for a server if a client were allowed to modify the contents of the local cookie file and it were transmitted to the server.
A client is allowed to modify its own cookies. A server side programmer must know this and never rely on cookies containing anything valid.
Vulns: None if you do it correctly.

... what's the deal with cookies? Is this some kind of school assignment?
They're nothing. At least nothing worth mentioning in a security context. They are only as secure as the programmer applying them, just like everything else in this world too.

M.
Comments on this post
SimonGreenhill agrees!
B-Con agrees!
JimmyGosling agrees: additional proxy rep for B
Domwiz agrees: I'm just jumping on the band wagon
__________________
--
Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.
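
The reply above says a server must never rely on a returned cookie being valid; one way to enforce that is to attach an expiry and a MAC to the value and check both on every request. This is an added example, not code from the thread: the key, the cookie name `session` and the function names are assumptions, and the `Secure` attribute is the "ssl" flag the reply mentions.

```python
import base64
import hashlib
import hmac
import time
from http.cookies import CookieError, SimpleCookie

# Assumption: a secret known only to the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def _mac(payload: str) -> bytes:
    digest = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")


def issue_cookie(user_id: str, ttl: int = 3600, now=None) -> str:
    """Build a Set-Cookie value: user_id|expiry|MAC plus cookie attributes."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    expires = int(time.time() if now is None else now) + ttl
    payload = f"{user_id}|{expires}"
    cookie = SimpleCookie()
    cookie["session"] = f"{payload}|{_mac(payload).decode()}"
    cookie["session"]["path"] = "/"
    cookie["session"]["max-age"] = ttl      # time when it becomes invalid
    cookie["session"]["secure"] = True      # only sent over TLS
    cookie["session"]["httponly"] = True    # not readable from page scripts
    return cookie["session"].OutputString()


def read_cookie(cookie_header: str, now=None):
    """Return the user_id from a Cookie header, or None if it cannot be trusted."""
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header)
    except CookieError:
        return None
    morsel = cookie.get("session")
    parts = morsel.value.split("|") if morsel else []
    if len(parts) != 3:
        return None
    user_id, expires, mac = parts
    # Constant-time comparison on bytes; any client-side edit changes the MAC.
    if not hmac.compare_digest(mac.encode(), _mac(f"{user_id}|{expires}")):
        return None
    # The expiry is covered by the MAC, so the client cannot extend it.
    if int(expires) < int(time.time() if now is None else now):
        return None
    return user_id
```

The MAC only protects integrity; the value is still readable by the client, so nothing secret belongs in it.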

  #3  
Old April 2nd, 2005, 09:36 AM
shaharpan shaharpan is offline
Hey

Thanks for the information

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway