[cap-talk] Security considerations for cookies
David Wagner
daw at cs.berkeley.edu
Mon Feb 15 23:21:38 PST 2010
Adam Barth wrote:
>[[
>Servers SHOULD encrypt and sign their cookies when transmitting
>them to the user agent (even when sending the cookies over a secure
>channel).
>]]
Hmm. I wonder if this advice can be improved.

Consider two alternate paradigms, which we could recommend:

P1: Servers should encrypt and sign cookies.

P2: Servers should store only a random unguessable ID in the cookie,
and all state should be stored on the server, indexed by that ID.

I think P1 has an additional security risk that is less likely to arise
in P2: the risk of replay attacks. So, to me, P1 seems like it might be
harder to secure: i.e., it seems like if we want to explain to developers
how to use P1 securely, the list of things we have to explain is longer
than if we recommend P2.

(Yes, replay attacks could occur in P2 if developers added new IDs
and entries to the state table instead of mutating the entry associated
with an existing ID, but I conjecture that this kind of mistake is
less likely, because developers are used to updating entries in
hashmaps as time passes.)

This makes me think it may be better to recommend that developers
follow approach P2. What do you think?
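The two paradigms compared in the message above, as an added example that is not part of the original post or of any draft spec text. It is stdlib Python; the "coupons" state, the "spend" operation and the server key are constructed for illustration. P1 is shown with signing only (an HMAC tag), because the replay problem is independent of whether the cookie is also encrypted. The third function reproduces the P2 mistake named in the parenthetical: copying state under a fresh ID instead of mutating the entry the existing ID points at.

```python
"""P1 (self-contained signed cookie) vs P2 (unguessable ID into server-side
state), with a replay check. Added example, not from the original thread."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed per-server secret. The thread's P1 says encrypt AND sign; only
# the signing half is shown here because replay does not depend on secrecy.
SERVER_KEY = secrets.token_bytes(32)


# ---- P1: the cookie carries the state itself, protected by an HMAC tag ----

def p1_issue(state: dict) -> str:
    """Serialize the state and append an HMAC-SHA256 tag over it."""
    body = base64.urlsafe_b64encode(
        json.dumps(state, sort_keys=True).encode()).decode()
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def p1_read(cookie: str) -> Optional[dict]:
    """Return the embedded state, or None if the tag does not verify."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not body or not hmac.compare_digest(expected, tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def p1_spend(cookie: str) -> tuple[bool, Optional[str]]:
    """Spend one coupon; the decision rests purely on the presented cookie."""
    state = p1_read(cookie)
    if state is None or state["coupons"] <= 0:
        return False, None
    state["coupons"] -= 1
    return True, p1_issue(state)


# ---- P2: the cookie is only an unguessable key into a server-side table ----

SESSIONS: dict[str, dict] = {}


def p2_issue(state: dict) -> str:
    """Store the state server-side and hand out a random, unguessable ID."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(state)
    return sid


def p2_spend(sid: str) -> bool:
    """The P2 habit the post relies on: mutate the entry the ID points at."""
    entry = SESSIONS.get(sid)
    if entry is None or entry["coupons"] <= 0:
        return False
    entry["coupons"] -= 1
    return True


def p2_spend_new_id(sid: str) -> tuple[bool, Optional[str]]:
    """The P2 mistake from the post: copy the state under a fresh ID and
    leave the old entry untouched, so the old cookie stays valid."""
    entry = SESSIONS.get(sid)
    if entry is None or entry["coupons"] <= 0:
        return False, None
    return True, p2_issue({**entry, "coupons": entry["coupons"] - 1})


def replay_p1() -> list[bool]:
    """Client spends its only coupon, then presents the original cookie again."""
    original = p1_issue({"user": "alice", "coupons": 1})
    first, _updated = p1_spend(original)
    replayed, _ = p1_spend(original)  # old cookie still verifies: coupon is back
    return [first, replayed]          # [True, True]


def replay_p2() -> list[bool]:
    """Same scenario under P2 with in-place mutation of the server entry."""
    sid = p2_issue({"user": "alice", "coupons": 1})
    first = p2_spend(sid)
    replayed = p2_spend(sid)          # same ID, entry already shows 0 coupons
    return [first, replayed]          # [True, False]


def replay_p2_mistake() -> list[bool]:
    """P2 done wrong: a new ID per request leaves the old ID spendable."""
    sid = p2_issue({"user": "alice", "coupons": 1})
    first, _ = p2_spend_new_id(sid)
    replayed, _ = p2_spend_new_id(sid)  # old entry never updated, still has 1
    return [first, replayed]            # [True, True]
```

The contrast the message draws falls out of the three `replay_*` functions: under P1 every past cookie the server ever issued remains a valid, signed snapshot of state, so defeating replay needs extra machinery (a server-side nonce or version to check against), which is exactly the longer list of things a developer has to be told. Under P2 the cookie names a single mutable entry, so the natural update-in-place code path is replay-safe; only the copy-to-new-ID variant recreates the P1 problem.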