16.Oct.2009 at 01:00 by Kevin Edwards
This one's definitely on my list.
Dustin Sweigart (21.Oct.2009)
Talk at ZendCon 2009 Uncon (English - US)
Locked windows with an open door...
Security often focuses on the standard routines: protecting against XSS, implementing ACLs, scrubbing user input. What good is worrying about authorization when you haven't done enough in authentication? The first step in providing authorization is to adequately provide authentication, and using SSL alone isn't enough.
Using cookies intelligently can buy you a lot of things…
* Authentication without touching the DB every request
* High level confidentiality of stored data
* Modification detection
* Protection against common cookie attacks
Quicklink: https://joind.in/961
09.Oct.2009 at 19:22 by Hannes Magnusson
Given the fact php.net uses extremely insecure cookies (probably to 'not touch the database on every request'), I'd like to know how to fix it :)