In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories
  

Relationship Graph View Issue ] Dependency Graph ]
related to child of duplicate of

Viewing Issue Simple Details
ID Category Type Reproducibility Date Submitted Last Update
0001436 [In-Portal CMS] Security feature request N/A 2012-11-05 11:24 2012-12-13 02:46
Reporter alex View Status public  
Assigned To alex
Priority normal Resolution fixed  
Status resolved      
Summary 0001436: Encrypt cookie stored at client
Description I've found an interesting article about mistrusting cookie values submitted by browser to web server - http://phpadvent.org/2011/bake-cookies-like-a-chef-by-michael-nitschinger.

That article explains in details how we can encode/hash cookie values to make sure that In-Portal did set these cookies and they were not faked by user, who wants to hack website.
We can use random string as password used to hash/encode cookies.
Additional Information

Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories
  

Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker