  1. #1
    Regular Coder
    Join Date
    Feb 2007
    Posts
    113
    Thanks
    6
    Thanked 1 Time in 1 Post

    Planning a browser plugin. Worried about cookie security.

    I'm not a programmer, but I have an idea for a browser plugin. IE and FF. I don't want to reveal what it is.

    I'm worried about security though. This plugin will use some kind of cookie technology. But if the cookie is taken, it would compromise the users big time.

    So what I want to know is: is the cookie safe from interception? For example, could someone trick the browser into giving the cookie to the wrong website and therefore steal the cookie?

  • #2
    Supreme Master coder! Philip M
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,985
    Thanks
    203
    Thanked 2,536 Times in 2,514 Posts
    See http://www.w3.org/Security/Faq/wwwsf2.html

    The short answer is that there is always some possibility that hackers could intercept a cookie, and if your users would be "compromised big time" then you should avoid using them to store sensitive information.

    Rather than storing user name and password information etc. in a cookie, with the possibility of interception and discovery, store this information on the server, associate it with a session id, and store the session id in the cookie. The session id will then mean nothing to anyone else, but the server will be able to identify to which user it belongs.
    Last edited by Philip M; 02-10-2007 at 08:00 AM.
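
The session-id approach described in the reply above, as an added example that is not part of either post: the cookie holds only a random id, and the user record stays in a server-side table. The cookie name `sid`, the 30-minute lifetime, the in-memory dict and the `Secure`/`HttpOnly`/`SameSite` attributes are assumptions of this sketch, not something the thread specifies.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds; assumed lifetime for this sketch


class SessionStore:
    """In-memory server-side session table (hypothetical stand-in for a real store)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # session id -> (user record, expiry timestamp)

    def create(self, user_record):
        # 32 bytes from the OS CSPRNG: the id carries no user data and cannot be guessed.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user_record, self._clock() + self._ttl)
        return sid

    def lookup(self, cookie_header):
        """Return the user record for a Cookie header, or None if absent, unknown or expired."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get("sid")
        entry = self._sessions.get(morsel.value) if morsel else None
        if entry is None:
            return None
        record, expires = entry
        if self._clock() >= expires:
            del self._sessions[morsel.value]  # expired ids are dropped server-side
            return None
        return record

    def revoke(self, sid):
        # Logout or suspected theft: the cookie value stops working immediately.
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    """Build the Set-Cookie value: HTTPS only, hidden from scripts, not sent cross-site."""
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["secure"] = True
    jar["sid"]["httponly"] = True
    jar["sid"]["samesite"] = "Strict"
    jar["sid"]["path"] = "/"
    return jar["sid"].OutputString()
```

A stolen id can still be replayed until it expires or is revoked, which is why the sketch keeps the lifetime short and gives the server a way to invalidate it.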

