

merlyn
  merlyn@stonehenge.com
http://www.stonehenge.com/merlyn/

PAUSE-ID: MERLYN [cpan.org].
See my home page [stonehenge.com].

Journal of merlyn (47)

Tuesday December 03, 2002
10:14 AM

Trusting cookies and shopping carts

[ #9245 ]
About once a week, I'm seeing a BUGTRAQ note on some exploit of a shopping cart based on manipulation of cookies.

While most of these probably aren't Perl-related, I'm just amazed at how many so-called "web programmers" don't understand that trusted state should not be stored in cookies. I ranted about this in a column of mine and even provided the two-dozen lines of code required to manage cookies properly and securely.

If Netscape had only embedded a unique serial number in each browser, and not invented cookies, people would have done The Right Thing. {sigh}
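The design the entry argues for, as an added example in Perl (this is not the code from merlyn's column, and the catalog, SKUs, prices and cookie name are constructed for illustration): the cart and every price live on the server, and the cookie carries nothing but an opaque session id that the server issued. A second, short function shows the pattern the BUGTRAQ posts keep describing, where the price itself rides in the cookie and the server adds up whatever it is told.

```perl
#!/usr/bin/perl
# Added example: trusted cart state kept server-side, cookie holds only an id.
use strict;
use warnings;

# Constructed catalog. Prices are looked up here at checkout and are never
# read from anything the browser sent.
my %CATALOG = ('SKU-1001' => 1999, 'SKU-2002' => 4995);   # cents

# Server-side session store: a hash here, a database in a real deployment.
my %SESSIONS;

# Unguessable session id from the kernel CSPRNG (64 hex characters).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

sub start_cart {
    my $id = new_session_id();
    $SESSIONS{$id} = {};              # sku => quantity
    return $id;                       # the only value that goes into the cookie
}

# Everything the browser may influence is validated against server data.
sub add_item {
    my ($id, $sku, $qty) = @_;
    my $cart = $SESSIONS{$id}   or return 0;   # unknown or expired session
    exists $CATALOG{$sku}       or return 0;   # unknown product
    $qty =~ /^[1-9][0-9]*$/     or return 0;   # quantity must be a positive integer
    $cart->{$sku} += $qty;
    return 1;
}

# Total computed from the trusted catalog, not from client-supplied numbers.
sub cart_total {
    my ($id) = @_;
    my $cart = $SESSIONS{$id} or return;
    my $total = 0;
    $total += $CATALOG{$_} * $cart->{$_} for keys %$cart;
    return $total;
}

sub set_cookie_header {
    my ($id) = @_;
    return "Set-Cookie: cart=$id; Path=/; HttpOnly; Secure";
}

# Accept the id only if this server actually issued it; anything else is
# simply "no cart" rather than something to be interpreted.
sub session_from_cookie {
    my ($cookie_header) = @_;
    my ($id) = $cookie_header =~ /(?:^|;\s*)cart=([0-9a-f]{64})(?:;|$)/ or return;
    return exists $SESSIONS{$id} ? $id : undef;
}

# The pattern the entry criticises: the price is trusted from the cookie.
sub naive_total_from_cookie {
    my ($cookie) = @_;
    my ($qty, $price) = $cookie =~ /cart=[^:;]+:(\d+):(\d+)/ or return;
    return $qty * $price;             # whatever the browser claims
}

my $id = start_cart();
add_item($id, 'SKU-1001', 2) or die "add failed";
add_item($id, 'SKU-2002', 1) or die "add failed";
print set_cookie_header($id), "\n";

# Next request: the browser sends the id back and the server does the arithmetic.
my $session = session_from_cookie("cart=$id");
printf "issued id -> total %d cents\n", cart_total($session);     # 2*1999 + 4995 = 8993

# An edited cookie holds an id the server never issued: no cart, nothing to reprice.
my $forged = session_from_cookie('cart=' . ('0' x 64));
printf "unissued id -> %s\n", defined $forged ? 'found' : 'no session';

# Input validation at the one place the browser can speak.
printf "negative quantity accepted: %s\n", add_item($id, 'SKU-1001', -1) ? 'yes' : 'no';

printf "naive design, cookie 'cart=SKU-1001:2:1' -> %d cents\n",
    naive_total_from_cookie('cart=SKU-1001:2:1');
```

The point of contrast is that in the first design there is no number in the cookie to change: the id is a lookup key, not data, and the server validates the SKU and quantity it receives against its own catalog before anything reaches the cart. Session expiry and a persistent store are left out to keep the example short.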

  • And merlyn writes: If Netscape had only embedded a unique serial number in each browser, and not invented cookies, people would have done The Right Thing. {sigh}

    While that's an interesting idea, I see a couple of problems. The big one is obvious: everyone is going to scream about their privacy and they would be right. Can you imagine the field day that spammers would have once they realized they could map the serial number to a set of preferences and a name? Our government has made it clear that the

    • It can be done safely if one is careful to embed some sort of anti-tampering device (like a MD5 hash), but despite having heard of that, I've never seen it actually done.
      So then a clever hacker will just MD5 the new price. That worked well. :^)

      The bottom line is that you have to have some of the data be held in a trusted store, so you might as well avoid the need for checking for tampering by just using a product ID of some sort.

      • The MD5 hash works by having a secret key of data kept on the server. The hidden fields are used with the secret key to ensure that creating a new MD5 hash is non-trivial. The hacker would likely be forced to brute force the key. This would be more difficult than a typical crack because there could be many hidden fields and the attacker would have to try different combinations of them. That, combined with a random enough secret key would make the MD5 hash relatively secure. I guess I should have mentio
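The exchange above turns on the difference between a digest anyone can recompute and one that needs a server-side secret. As an added example in Perl (not code from any of the commenters; the secret, field names and values are constructed), here is a verifier over a fixed set of hidden fields in both forms: an unkeyed MD5, which accepts any form that is consistent with itself, and an HMAC over the same fields with a secret that never leaves the server, which rejects an edited price. The comparison is done in constant time.

```perl
#!/usr/bin/perl
# Added example: unkeyed digest versus keyed digest over hidden form fields.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);

# Constructed secret; it lives only on the server and is never sent to the client.
my $SECRET = 'constructed-example-secret-do-not-reuse';

# Fixed field order, each value length-prefixed, so two different sets of
# values can never produce the same canonical string.
my @FIELDS = qw(sku qty price);
sub canonical {
    my ($f) = @_;
    return join '', map { my $v = $f->{$_} // ''; "$_=" . length($v) . ":$v;" } @FIELDS;
}

sub unkeyed_tag { my ($f) = @_; return md5_hex(canonical($f)) }                   # anyone can compute this
sub keyed_tag   { my ($f) = @_; return hmac_sha256_hex(canonical($f), $SECRET) }  # needs the secret

# Compare two digests without leaking where they first differ.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub verify_unkeyed { my ($f, $tag) = @_; return constant_time_eq(unkeyed_tag($f), $tag) }
sub verify_keyed   { my ($f, $tag) = @_; return constant_time_eq(keyed_tag($f),   $tag) }

# The form as the server emitted it, and a copy with the price edited.
my %form     = (sku => 'SKU-1001', qty => 1, price => 1999);
my %tampered = (%form, price => 1);

my $tag = keyed_tag(\%form);
printf "keyed tag, original form:   %s\n", verify_keyed(\%form,     $tag) ? 'accepted' : 'rejected';
printf "keyed tag, edited price:    %s\n", verify_keyed(\%tampered, $tag) ? 'accepted' : 'rejected';

# Unkeyed scheme: a digest recomputed over the edited form verifies, because
# the check only asks whether the form is consistent with its own digest.
printf "unkeyed tag, edited price with digest recomputed: %s\n",
    verify_unkeyed(\%tampered, unkeyed_tag(\%tampered)) ? 'accepted' : 'rejected';

# Keyed scheme: a digest computed without the secret is rejected.
printf "keyed verifier, edited form with unkeyed digest:  %s\n",
    verify_keyed(\%tampered, unkeyed_tag(\%tampered)) ? 'accepted' : 'rejected';
```

Two design notes. HMAC is used rather than MD5 over the secret concatenated with the data, since a plain `hash(secret . data)` construction is exposed to length-extension attacks and HMAC is not. And, as the earlier reply points out, the keyed tag only proves the fields came back unmodified; the price still does not need to make the round trip at all, and sending only the product id and looking the price up on the server removes the question of tampering entirely.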