Secure Cookies – Beyond SSL

Dustin Sweigart (Oct 21, 2009)
Talk at ZendCon 2009 Uncon (English - US)

Rating: 4 of 5

Locked windows with an open door...
Security often focuses on the standard routines: protecting against XSS, implementing ACLs, and scrubbing user input. What good is worrying about authorization when you haven't done enough in authentication? The first step in providing authorization is to adequately provide authentication, and using SSL alone isn't enough.

Using cookies intelligently can buy you a lot of things…

* Authentication without touching the DB every request
* High level of confidentiality for stored data
* Modification detection
* Protection against common cookie attacks

Comments

Rating: 5 of 5

Oct 6, 2009, 20:00 by Anonymous

I am definitely interested in this.

Rating: 5 of 5

Oct 7, 2009, 21:36 by Anonymous

sounds good

Rating: 3 of 5

Oct 9, 2009, 19:22 by bjori

Given the fact php.net uses extremely insecure cookies (probably to 'not touch the database on every request'), I'd like to know how to fix it :)

Rating: 5 of 5

Oct 12, 2009, 14:47 by Anonymous

Show us the way!

Rating: 5 of 5

Oct 12, 2009, 16:41 by Anonymous

I'd like to see this one.

Rating: 4 of 5

Oct 15, 2009, 17:55 by Anonymous

+1

Rating: 4 of 5

Oct 16, 2009, 01:00 by kedwards

this one's definitely on my list.

Rating: 4 of 5

Oct 20, 2009, 22:13 by ibspoof

+1

Def. could use this.
