How secure are cookies?

  • Jim M

    How secure are cookies?

    I am curious. If I save an id that points to a user's information in a
    cookie, is it possible for a hacker to create a tool to set a million
    different cookies on his local machine and hit my site until a cookie value
    works?

    Thanks in advance. If there is a better newsgroup, let me know.

    Jim


  • andrea catto'

    #2
    Re: How secure are cookies?

    the problem is that between cookies and network speed, it's 'virtually'
    impossible. based on the type of ID you use.
    you may opt for a UUID/GUID or a 128bit HASH... so that odds to catch the
    same id give you best odds.

    see it this way,
    how many chances are there for someone to brute force attack on an ftp
    server ???
    even locally on a localhost, almost none, unless the password is obvious.

    let me give you an example, it's a piece of cake to crack windows passwords
    locally because the time it takes to validate a password is infinitesimal.
    (ever heard of l0pht?)
    but over the lan, even gigabit... odds are against hackers....

    normally hackers don't go through the front door, they let you struggle to
    barricade the front door, and they surprise you with ease from the back
    entrance.


    "Jim M" <anonymouse@discussions.microsoft.com> wrote in message
    news:%23XT6NqwMEHA.2676@TK2MSFTNGP12.phx.gbl...
    > I am curious. If I save an id that points to a user's information in a
    > cookie, is it possible for a hacker to create a tool to set a million
    > different cookies on his local machine and hit my site until a cookie value
    > works?
    >
    > Thanks in advance. If there is a better newsgroup, let me know.
    >
    > Jim



    • Klaus H. Probst

      #3
      Re: How secure are cookies?

      Yes, but more likely the 'hacker' can intercept the information in the
      cookie or read it from the file cache off of a compromised machine.

      If this is some type of authentication system, I suggest you take a look at
      the material that's out there. The OpenGroup has a SSO (single sign-on)
      specification that you could lift some ideas from.

      --
      Klaus H. Probst, MVP



      "Jim M" <anonymouse@discussions.microsoft.com> wrote in message
      news:%23XT6NqwMEHA.2676@TK2MSFTNGP12.phx.gbl...
      > I am curious. If I save an id that points to a user's information in a
      > cookie, is it possible for a hacker to create a tool to set a million
      > different cookies on his local machine and hit my site until a cookie value
      > works?
      >
      > Thanks in advance. If there is a better newsgroup, let me know.
      >
      > Jim
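Added example, not part of any post in this thread: a server-side session table that puts only a 128-bit random id in the cookie, estimates how long online guessing takes for a given id size, and sets the cookie flags that address the interception concern raised in reply #3. The names `SessionStore`, `expected_seconds_to_hit`, `cookie_header` and the per-client miss limit are hypothetical, and the guess rates are constructed figures.

```python
import secrets

SECONDS_PER_YEAR = 365 * 24 * 3600

def new_session_id() -> str:
    """128 bits from the OS CSPRNG, hex-encoded to 32 characters."""
    return secrets.token_hex(16)

def expected_seconds_to_hit(id_bits: int, live_sessions: int,
                            guesses_per_second: float) -> float:
    """Expected time until a uniformly random guess matches ANY live session.

    Each guess succeeds with probability live_sessions / 2**id_bits, so the
    expected number of guesses is 2**id_bits / live_sessions.
    """
    return (2 ** id_bits / live_sessions) / guesses_per_second

def cookie_header(sid: str) -> str:
    """Secure keeps the id off plain HTTP; HttpOnly hides it from page script."""
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

class SessionStore:
    """The cookie carries only an opaque id; user data stays on the server."""

    def __init__(self, max_misses: int = 5):
        self.sessions = {}   # session id -> user
        self.misses = {}     # client address -> count of unknown ids presented
        self.max_misses = max_misses

    def create(self, user: str) -> str:
        sid = new_session_id()
        self.sessions[sid] = user
        return sid

    def lookup(self, client: str, sid: str):
        # A client that keeps presenting unknown ids is refused outright,
        # which also makes guessing campaigns visible in the miss counters.
        if self.misses.get(client, 0) >= self.max_misses:
            return None
        user = self.sessions.get(sid)
        if user is None:
            self.misses[client] = self.misses.get(client, 0) + 1
        return user

if __name__ == "__main__":
    # Constructed figures: a 20-bit id (about a million values) vs a 128-bit id.
    print("20-bit id :", expected_seconds_to_hit(20, 1000, 1000), "seconds")
    years = expected_seconds_to_hit(128, 10**6, 10**6) / SECONDS_PER_YEAR
    print("128-bit id: %.2e years" % years)
```
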

