Thread: Cookie Security

  1. #1
    SitePoint Member
    Join Date
    Aug 2001
    Posts
    20

    Cookie Security

    I'm currently using cookies to hold data for my website (the username and pass of the person), and I want to know how secure these little text files are. Is it safe for me to put my users' logon info in those cookies? Are there some things I should do to make it (more) secure?

  2. #2
    SitePoint Enthusiast Atrus's Avatar
    Join Date
    Aug 2001
    Posts
    53
    Hi!

    As cookies are being sent unencrypted, the password can be intercepted on its way to your server like any other insecure authentication. If you have SSL available I'd use that in order to keep your users' passwords more secret.
    Furthermore, the cookies are stored on the client in text file(s) as plain text, which means that any trojan horse could easily get them.

    Your measures really depend on how much evil[TM] an attacker can do with stolen passwords from your site. Is it just a bulletin board that she/he will gain unauthorized access to? Or will she/he be able to view the actual client's credit card data that is saved until next purchase on your server?

    Regards,

    Atrus.
    Webmaster - Stefan Meier KG TABAKWAREN - Pfeifen, Premium-Zigarren, ... (_Ger)

  3. #3
    SitePoint Member
    Join Date
    Aug 2001
    Posts
    20
    Well, SSL isn't an option, so I would like to hear what else I can do.

    As for the user data itself, there is no real-world data that would be in danger. The database is primarily used to tailor the site to the individual users. Some have more rights than others (like being able to post news, add/remove users, create events, mass email everyone), but there is nothing damaging in real life that can be attained by their user/pass.

    I just wish to be a good coder and not leave out holes like that.

    So what are my options? How do commercial messageboards handle this?

  4. #4
    SitePoint Wizard johnn's Avatar
    Join Date
    Mar 2001
    Location
    Southern California, USA
    Posts
    1,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,
    Use session. Click on my signature. My last post there might be helpful to you.

    John
    Last edited by johnn; Oct 1, 2001 at 23:00.
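
The session approach suggested in the last reply, as an added Python example that is not from any poster in this thread: the cookie carries only a random identifier, while the username and the salted password hash stay on the server. The in-memory `USERS` and `SESSIONS` tables, the `sid` cookie name and the 30-minute timeout are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds of inactivity before a session dies (assumed value)
USERS = {}          # username -> (salt, PBKDF2 hash); constructed sample store
SESSIONS = {}       # session id -> {"user", "expires"}; never leaves the server

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _hash(password, salt))

def login(username, password, now=None):
    """Return a Set-Cookie header value on success, None on failure."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)       # unguessable, carries no user data
    SESSIONS[sid] = {"user": username, "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True      # keep the id away from page script
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def current_user(cookie_header, now=None):
    """Map a Cookie request header to a username, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie(cookie_header or "")
    if "sid" not in jar:
        return None
    sid = jar["sid"].value
    session = SESSIONS.get(sid)
    if session is None:                   # forged or already revoked id
        return None
    if session["expires"] < now:          # stale id: drop it server-side
        SESSIONS.pop(sid, None)
        return None
    session["expires"] = now + SESSION_TTL  # sliding expiry on each request
    return session["user"]

def logout(cookie_header):
    """Revoke the session so a copied cookie stops working immediately."""
    jar = SimpleCookie(cookie_header or "")
    if "sid" in jar:
        SESSIONS.pop(jar["sid"].value, None)
```

Without SSL the identifier can still be read in transit, but it expires, can be revoked at logout, and the password itself is sent only once at login rather than with every request.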

