Home page logo
/

basics logo Security Basics mailing list archives

Re: Cookie Security
From: Orlin Gueorguiev <orlin () baturov com>
Date: Wed, 30 Apr 2008 07:57:08 +0200

Hi Audrius,
Every respone generate a new token, which must be returned back to server on
next request. Place this token into cookies, hidden fields, url,
whatever, but server must get it back on next request. If next request
comes without correct token, then over the session. This method also
will help you avoid CSRF vulnerabilities. 
According to wiki:
======
CSRF merely transmits unauthorized commands from a user the website trusts.
For example, one user, Bob, might be browsing a chat forum where another user, 
Mallory, has posted a message. Suppose that Mallory has crafted an HTML image 
element that references a script on Bob's bank's website (rather than an 
image file), e.g.,

<img 
src="http://bank.example/withdraw?account=bob&amount=1000000&for=mallory";>

If Bob's bank keeps his authentication information in a cookie, and if the 
cookie hasn't expired, then Bob's browser's attempt to load the image will 
submit the withdrawal form with his cookie, thus authorizing a transaction 
without Bob's approval.
=====
So... what I am asking myself how your consept can secure, that CSRF is not 
going to be exploited?


I know SSL is the "real" solution, but I wondered if anyone has attempted
to secure this common system at an application level. perhaps not. if so
thats fine.
Actually not... SSL is used to secure a virtual private connection between 2 
instances. If I secure a connection to a site I can still exploit it via XSS.

Orlin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault