tedd wrote:
At 3:16 PM +0000 3/13/08, Stut wrote:
tedd wrote:
I question the reason why you would want to encrypt the cookie
considering that before the user is going to be provided access to
sensitive data that you require a password confirmation. The
encryption seems to be an unnecessary overkill.
So what if a malicious user uses a cookie to pretend to be a real
user IF before they can get access to sensitive data they have to
enter a correct password?
Please explain.
Certainly. It's not about them getting access to the data in that
cookie, it's got more to do with ensuring the cookie contents remain
unchanged.
While it's true that the "remember me" cookie could live with not
being encrypted I would then need to validate the data it contains. By
encrypting it I know that if it decrypts successfully it's exactly
what the site put in it at the end of the last request.
For some sites this would not be an issue but due to some of the ways
we use the data in that cookie I decided the cost of encrypting it
against the cost of validating it and the risks involved made
encryption the better option.
There is another reason... Cookies are sometimes stored in plain text
on the users machine. Since that cookie contains an email address and
potentially a phone number it's much better to encrypt it and protect
our users.
Hope that answers your question.
Okay.
Considering that all user data is placed in a database for extraction as
needed, then why not put the state of the user's last visit in there as
well and save only the session id (or whatever) as a cookie?
Then, when the user returns, you simply check the cookie with what's
stored in the dB and continue as before. If the check fails (no session
id or it has been altered), then start again.
Because that negates the whole point of doing it which is to reduce
database access to the minimum possible.
To do house keeping, simply run a routine at some interval to check the
sessions' age and remove those that are older than what's wanted.
Why put anything client-side that might be a security problem?
IMHO the encryption reduces the security risk to a more-than-acceptable
level, and it saves a shed load of database calls to the point where
most page requests (~70%) don't touch the database at all which is what
I was aiming for.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
