[cap-talk] Security considerations for cookies
James A. Donald
jamesd at echeque.com
Mon Feb 15 16:17:29 PST 2010
Adam Barth wrote:
> Recall that we're worried about an attacker who uses these integrity
> failures to transplant cookies from his browser to the user's
> browser. He can just as easily transplant the "unguessable" secret
> he receives in his browser to the user's browser in the URL or POST
> parameters.
I have always thought of this, and perhaps heard of this, as "cookie
forcing".