Posted by Richard Formby on 02/16/07 12:56
"monomaniac21" wrote:
>>
>> How could a "malicious user" gain access to a cookie stored somewhere
>> in...
>
> By malicious user I was referring to someone who seeks to gain access
> to other people's accounts by first creating an account and storing a
> cookie, then editing the cookie so that the website automatically logs
> them in as someone else. How can this be prevented?
Er, you can't, or, perhaps, you don't need to.
I could, for instance:
a) Create an account and then hack the cookie so as to use some other
person's credentials to log in, after guessing their credentials.
b) Use your standard login form to log in using some other person's
credentials, after guessing their credentials.
Where is the problem?
On the other hand if you store stuff in your cookie that allows it to be
hacked then your design is flawed.
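The design point in the reply above, as an added example that is not part of the original post: a cookie the server trusts as-is next to one carrying a server-side HMAC tag, so an edited cookie is rejected and the user is sent back to the login form. The cookie layout, function names and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for this example; a real deployment would
# load a long-lived key from server configuration, never from the cookie.
SERVER_KEY = secrets.token_bytes(32)


def flawed_login_from_cookie(cookie: str) -> str:
    """Flawed design: the cookie value is trusted, so editing it is enough."""
    return cookie.split("=", 1)[1]  # "user=bob" -> "bob"


def _tag(payload: str) -> str:
    """Hex HMAC-SHA256 of the payload under the server key."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username: str) -> str:
    """Issue 'user=<name>|<tag>' after a successful password login."""
    payload = f"user={username}"
    return f"{payload}|{_tag(payload)}"


def login_from_cookie(cookie: str):
    """Return the username if the tag verifies, else None (show the login form)."""
    payload, sep, tag = cookie.rpartition("|")
    if not sep or not payload.startswith("user="):
        return None  # missing tag or unexpected layout
    # Constant-time comparison on bytes, so a malformed tag cannot raise.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None  # payload was edited after the server issued it
    return payload[len("user="):]


def demo():
    """Compare both designs on a cookie edited from alice to bob."""
    cookie = issue_cookie("alice")
    edited = cookie.replace("user=alice", "user=bob")
    return (
        flawed_login_from_cookie("user=bob"),  # flawed design accepts the edit
        login_from_cookie(cookie),             # untouched cookie still works
        login_from_cookie(edited),             # edited cookie is rejected
    )
```

A signed cookie still logs in whoever presents it, so it also needs an expiry and HTTPS-only transport; an opaque random session id looked up server-side gives the same tamper resistance.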