[lwip-devel] [patch #9576] Adding authorization cookie management
From: Giuseppe Modugno
Subject: [lwip-devel] [patch #9576] Adding authorization cookie management
Date: Fri, 2 Mar 2018 05:42:27 -0500 (EST)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Follow-up Comment #9, patch #9576 (project lwip):
> Come on. It's easy enough to obfuscate the password, mix it with current
> time or request counter. That's not an issue.
All can be done and I admit *the* current solution for security is HTTPS/TLS.
With this technology, you can send password even in clear.
In situations where you don't have HTTPS/TLS you have a security flaw. Full
stop.
Anyway you can try to increase the security as you can. IMHO sending password
continuously (encrypted or not) in query string is a bad thing. For example,
query strings are saved in History or Bookmark from your browser. You see the
query string if you print the page.
I know you can search cookies too, but it seems to me they are a little more
hidden than query strings. And they are less annoying. And I think cookies are
not stored by the browser if they don't have an expiration date (or a maximum
duration).
This is my opinion and I hope you don't think I'm trying to push to apply my
patch.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/patch/?9576>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
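
An added example, not part of the message above or of the submitted patch: a minimal C sketch of the session-cookie handling the message argues for, where the server hands out an opaque token in a cookie with no expiration attribute and later checks it from the Cookie header instead of reading a password from the query string. The cookie name `sid`, the function names and the sample token are assumptions made for illustration; none of them are lwIP httpd APIs, and a real token would come from the platform's random number generator.

```c
#include <stdio.h>
#include <string.h>

#define COOKIE_NAME "sid" /* hypothetical cookie name */
#define SAMPLE_TOKEN "3f9a1c77d2e84b06" /* constructed sample value */

/* Emit a session cookie: no Expires/Max-Age, so the browser is not asked to
 * persist it. No Secure attribute, since the thread's case is plain HTTP. */
int build_set_cookie(char *out, size_t outlen, const char *token)
{
    int n = snprintf(out, outlen, "Set-Cookie: " COOKIE_NAME
                     "=%s; Path=/; HttpOnly; SameSite=Strict\r\n", token);
    return (n > 0 && (size_t)n < outlen) ? n : -1; /* -1 on truncation */
}

/* Find COOKIE_NAME in "a=1; sid=abc; b=2"; NULL if absent, else value + *len. */
const char *find_cookie(const char *hdr, size_t *len)
{
    const size_t nlen = strlen(COOKIE_NAME);
    while (*hdr) {
        while (*hdr == ' ' || *hdr == ';') hdr++;
        const char *end = strchr(hdr, ';');
        if (!end) end = hdr + strlen(hdr);
        if ((size_t)(end - hdr) > nlen && hdr[nlen] == '=' &&
            strncmp(hdr, COOKIE_NAME, nlen) == 0) {
            *len = (size_t)(end - hdr) - nlen - 1;
            return hdr + nlen + 1;
        }
        hdr = end;
    }
    return NULL;
}

/* Constant-time compare: timing does not reveal how many bytes matched. */
int session_ok(const char *cookie_hdr, const char *expected)
{
    size_t len = 0, i;
    unsigned char diff = 0;
    const char *val = find_cookie(cookie_hdr, &len);
    if (!val || len != strlen(expected)) return 0;
    for (i = 0; i < len; i++) diff |= (unsigned char)(val[i] ^ expected[i]);
    return diff == 0;
}

int main(void)
{
    char line[128];
    if (build_set_cookie(line, sizeof line, SAMPLE_TOKEN) > 0) fputs(line, stdout);
    return !session_ok("lang=en; sid=" SAMPLE_TOKEN, SAMPLE_TOKEN);
}
```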