Geeks With Blogs

Scott Kuhl Warning: I may have no idea what I am talking about!

Cookies can provide a real convenience to both visitors and programmers of a Web-based application. However, cookies are problematic from a security point of view for two reasons. First, unless your site uses SSL, cookie data is passed in the clear in the headers of both the HTTP request and the response. That means anyone who is clever enough to sniff packets on a particular port of a particular IP address can read cookie data as plain as day. The second problem is that cookie data is stored in nice little unrestricted cookie files in a browser's cache directory. This means that anyone who has access to your hard drive can see and open your cookies.

Read Encrypting Cookie Data with ASP.NET

Posted on Tuesday, April 18, 2006 9:32 AM | ASP.NET, Security


Copyright © Scott Kuhl