Planning a browser plugin. Worried about cookie security.

02-10-2007, 05:48 AM
I'm not a programmer, but I have an idea for a browser plugin. IE and FF. I don't want to reveal what it is.

I'm worried about security though. This plugin will use some kind of cookie technology. But if the cookie is taken, it would compromise the users big time.

So what I want to know is: is the cookie safe from interception? For example, could someone trick the browser into giving the cookie to the wrong website and therefore steal the cookie?

Philip M
02-10-2007, 08:37 AM
See http://www.w3.org/Security/Faq/wwwsf2.html

The short answer is that there is always some possibility that hackers could intercept a cookie, and if your users would be "compromised big time" then you should avoid using them to store sensitive information.

Rather than storing user name and password information etc. in a cookie, with the possibility of interception and discovery, store this information on the server, associate it with a session id, and store the session id in the cookie. The session id will then mean nothing to anyone else, but the server will be able to identify to which user it belongs.
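
The design described in the answer above, as an added example that is not part of the original thread: user data stays in a server-side table and the cookie carries only a random session id. The class name, cookie name `sid`, the 30-minute timeout and the `Secure`/`HttpOnly`/`SameSite` attributes are assumptions of this sketch and go beyond what the answer states.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # seconds; assumed lifetime, not from the thread
COOKIE_NAME = "sid"  # hypothetical cookie name


class SessionStore:
    """Server-side session table: the cookie holds only an opaque id."""

    def __init__(self, now=time.time):
        self._sessions = {}  # session id -> (user record, expiry time)
        self._now = now

    def create(self, user):
        # 32 bytes from the OS CSPRNG: unguessable and not derived from user data.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._now() + SESSION_TTL)
        return sid

    def set_cookie_header(self, sid):
        # Value for a Set-Cookie header. Secure keeps the id off plain HTTP,
        # HttpOnly hides it from page scripts, SameSite limits cross-site sends.
        c = SimpleCookie()
        c[COOKIE_NAME] = sid
        c[COOKIE_NAME]["secure"] = True
        c[COOKIE_NAME]["httponly"] = True
        c[COOKIE_NAME]["samesite"] = "Strict"
        c[COOKIE_NAME]["path"] = "/"
        return c[COOKIE_NAME].OutputString()

    def lookup(self, cookie_header):
        # Map the request's Cookie header back to a user; None if unknown or expired.
        c = SimpleCookie()
        c.load(cookie_header or "")
        morsel = c.get(COOKIE_NAME)
        if morsel is None:
            return None
        entry = self._sessions.get(morsel.value)
        if entry is None:
            return None
        user, expires = entry
        if self._now() >= expires:
            del self._sessions[morsel.value]  # expired ids are dropped
            return None
        return user

    def destroy(self, sid):
        # Logout: the id stops working even if a copy of the cookie still exists.
        self._sessions.pop(sid, None)
```

An intercepted session id is still usable until it expires or is destroyed, which is why the sketch adds an expiry and a `destroy` call on top of keeping the credentials out of the cookie.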