Anonymous | Login | Signup for a new account | 2024-10-10 12:46 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Dependency Graph | [ View Issue ] [ Relation Graph ] [ Vertical ] | |||
|
||||
|
Viewing Issue Simple Details | |||||
ID | Category | Type | Reproducibility | Date Submitted | Last Update |
0001436 | [In-Portal CMS] Security | feature request | N/A | 2012-11-05 11:24 | 2012-12-13 02:46 |
Reporter | alex | View Status | public | ||
Assigned To | alex | ||||
Priority | normal | Resolution | fixed | ||
Status | resolved | ||||
Summary | 0001436: Encrypt cookie stored at client | ||||
Description |
I've found an interesting article about mistrusting cookie values submitted by browser to web server - http://phpadvent.org/2011/bake-cookies-like-a-chef-by-michael-nitschinger. That article explains in details how we can encode/hash cookie values to make sure that In-Portal did set these cookies and they were not faked by user, who wants to hack website. We can use random string as password used to hash/encode cookies. |
||||
Additional Information |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |