4/24/2009

Exercise 14

1. What are cookies and how are they used to improve security?

A cookie is information that a Web site puts on your hard disk so that it can remember something about you at a later time. (More technically, it is information for future use that is stored by the server on the client side of a client/server communication.) Typically, a cookie records your preferences when using a particular site. HTTP is stateless: each request for a Web page is independent of all other requests, so the Web server has no memory of what pages it has sent to a user previously or anything about your previous visits. A cookie is a mechanism that allows the server to store its own information about a user on the user's own computer; the browser then sends that information back with every later request to the same site. You can view the cookies that have been stored on your hard disk (although the content stored in each cookie may not make much sense to you). The location of the cookies depends on the browser: Internet Explorer stores each cookie as a separate file under a Windows subdirectory, Netscape stores all cookies in a single cookies.txt file, and Opera stores them in a single cookies.dat file. (Techtarget, 2009)

Cookies improve security when they are used as session identifiers rather than as containers for user data: the cookie holds a random string (the session ID) that is unique, infeasible to guess, and valid only for a limited period of time. Only the server can associate the user's data and preferences with that identifier; the cookie itself carries no information about the user. When the session cookie expires, the identifier becomes useless, so an attacker who obtains an old cookie learns nothing about the user and cannot reuse it. (Kioskea, 2009)

2. Can the use of cookies be a security risk?

Yes, they can. A cookie becomes a risk when it contains user information directly (for example a username, a role or account details) instead of an opaque session identifier, and when its lifespan is not kept as close as possible to the duration of the user's session. Because the browser sends the cookie back to the server with every request, anyone who can read it on the wire or on the client machine obtains whatever it holds, and if the server trusts the cookie's contents without verification, anyone who can modify it can change what the server believes about the user.
Thus, a cookie is a potential security risk whenever it contains user information rather than a short-lived, random identifier.
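The following is an added example, not part of the original exercise or of the cited sources, showing both answers in code: a session cookie that carries only a random, time-limited identifier while the user's data stays on the server (question 1), next to the anti-pattern of storing the user's data in the cookie itself (question 2). The store, the 30-minute lifetime, the header-building functions and the sample cookie headers are assumptions constructed for the example.

```python
import secrets
import time
from typing import Optional

# Server-side session store: session id -> {expires, user, prefs}.
# The cookie only ever carries the id; the user's data never leaves the server.
SESSIONS: dict = {}

# Lifetime chosen for the example; it should approximate one visit.
SESSION_LIFETIME = 30 * 60  # seconds


def issue_session(username: str, preferences: dict, now: Optional[float] = None) -> str:
    """Create a server-side session and return the opaque id to put in the cookie."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: unique and not guessable
    SESSIONS[sid] = {"expires": now + SESSION_LIFETIME, "user": username, "prefs": preferences}
    return sid


def set_cookie_header(sid: str) -> str:
    """Build the Set-Cookie response header for the session id.

    Max-Age bounds the lifetime; Secure restricts it to HTTPS; HttpOnly hides it
    from page scripts; SameSite=Lax keeps it off most cross-site requests.
    """
    return (f"Set-Cookie: sid={sid}; Max-Age={SESSION_LIFETIME}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")


def parse_cookie_header(header: str) -> dict:
    """Parse a request header such as 'Cookie: a=1; b=2' into a dict."""
    _, _, value = header.partition(":")
    pairs = [p.strip() for p in value.split(";") if "=" in p]
    return dict(p.split("=", 1) for p in pairs)


def lookup_session(cookie_header: str, now: Optional[float] = None) -> Optional[dict]:
    """Resolve the request's cookie to server-side session data, or None if unknown/expired."""
    now = time.time() if now is None else now
    sid = parse_cookie_header(cookie_header).get("sid")
    if sid is None:
        return None
    session = SESSIONS.get(sid)
    if session is None:
        return None  # never issued, or already removed
    if now >= session["expires"]:
        del SESSIONS[sid]  # an expired id is useless from here on
        return None
    return session


def insecure_cookie(username: str, role: str) -> str:
    """Anti-pattern from question 2: user data stored directly in the cookie."""
    return f"Set-Cookie: user={username}; role={role}"


def insecure_role_from_cookie(cookie_header: str) -> Optional[str]:
    """A server that reads the role straight out of the cookie trusts whatever the
    client sends, so editing 'role=user' to 'role=admin' is enough to escalate."""
    return parse_cookie_header(cookie_header).get("role")


if __name__ == "__main__":
    t0 = 1000.0  # fixed clock so the run is reproducible
    sid = issue_session("alice", {"lang": "en"}, now=t0)
    print(set_cookie_header(sid))
    print(lookup_session(f"Cookie: theme=dark; sid={sid}", now=t0 + 60))
    print(lookup_session(f"Cookie: sid={sid}", now=t0 + SESSION_LIFETIME))  # None: expired
    print(insecure_cookie("alice", "user"))
    print(insecure_role_from_cookie("Cookie: user=alice; role=admin"))  # attacker-chosen
```

The secure path only ever trusts the session store, so a stolen cookie is worth nothing after expiry and a tampered one simply fails lookup; the insecure path has no such check, which is exactly why the cookie should hold an identifier and not the data.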

References:

Techtarget (2009). "Cookie". Retrieved 20 April 2009 from URL -
http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci211838,00.html

Kioskea (2009). "Cookies". Retrieved 20 April 2009 from URL -
http://en.kioskea.net/contents/securite/cookies.php3
