Tuesday, March 13, 2012

Tampering, Stealing cookies protection in ASP.NET 2.0

Hello,

I need to know how to protect cookies from tampering or stealing.

I want to ensure the cookie is bound to a particular client only. Only the
requested client should have access to the cookie.

If the cookie is stolen & used on another machine for the same website, it
should not allow the cookie to be read.

Any thoughts are welcome.

Use SSL to prevent stealing.

Encrypt the data in the cookie to prevent viewing.

MAC protect to prevent tampering.

Put an expiration date in the data in the cookie and check for expiration
in your code to ensure valid timeout.

-Brock
http://staff.develop.com/ballen
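
The MAC and embedded-expiration points from the reply above, as an added example that is not part of the original post. `SignedCookie`, `Protect` and `Unprotect` are hypothetical names, the key is assumed to be a server-side secret, and the value is signed but not encrypted.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not an ASP.NET API.
public static class SignedCookie
{
    // Builds "base64(value)|expiryTicks|base64(HMAC)"; the MAC covers value and expiry.
    public static string Protect(string value, DateTime expiresUtc, byte[] key)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(value))
            + "|" + expiresUtc.Ticks.ToString(CultureInfo.InvariantCulture);
        return payload + "|" + Convert.ToBase64String(Mac(payload, key));
    }

    // Returns the original value, or null if the cookie was altered or has expired.
    public static string Unprotect(string cookie, DateTime nowUtc, byte[] key)
    {
        int cut = cookie == null ? -1 : cookie.LastIndexOf('|');
        if (cut < 0) return null;
        string payload = cookie.Substring(0, cut);
        byte[] sent;
        try { sent = Convert.FromBase64String(cookie.Substring(cut + 1)); }
        catch (FormatException) { return null; }
        if (!FixedTimeEquals(sent, Mac(payload, key))) return null; // tampered
        // Fields are parsed only after the MAC has verified.
        string[] parts = payload.Split('|');
        long ticks;
        if (parts.Length != 2 || !long.TryParse(parts[1], NumberStyles.None,
                CultureInfo.InvariantCulture, out ticks)) return null;
        if (nowUtc.Ticks >= ticks) return null; // expired, whatever the browser claims
        return Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
    }

    static byte[] Mac(string payload, byte[] key)
    {
        using (HMACSHA256 h = new HMACSHA256(key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Compares every byte so timing does not reveal where the MACs differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

When the result is written to an `HttpCookie`, setting its `Secure` and `HttpOnly` properties keeps it on SSL connections and out of reach of client script.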

