Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
02-10-2007, 04:48 AM #1
- Join Date
- Feb 2007
- Thanked 1 Time in 1 Post
Planing a browser plugin. Worried about cookie security.
I'm not a programmer but, I have an idea for a browser plugin. IE and FF. I don't want to reveal what it is.
I'm worried about security though. This plugin will use some kind of cookie technology. But if the cookie is taken, it would compromise the users big time.
So what I want to know is. Is the cookie safe from interception? For example, could someone trick the browser to give the cookie to the wrong website and therefore steal the cookie?
02-10-2007, 07:37 AM #2
- Join Date
- Jun 2002
- London, England
- Thanked 2,539 Times in 2,517 Posts
The short answer is that there is always some possibility that hackers could intercept a cookie, and if your users would be "compromised big time" then you should avoid using them to store sensitive information.
Rather than storing user name and password information etc. in a cookie, with the possibility of interception and discovery, store this information on the server, associate it with a session id, and store the session id in the cookie. The session id will then mean nothing to anyone else, but the server will be able to identify to which user it belongs.
Last edited by Philip M; 02-10-2007 at 08:00 AM.