12-19-2006, 09:43 AM
Quote: Within one week's time, we stumbled across two different sites using cookies the wrong way. While the attack vectors were a bit different, both sites trusted the cookie data to secure their users' accounts. Therefore, this week we are going to spend some time discussing cookies, when they should be used, and what can happen if they are misused...
Security Risks
While cookies can help web developers offer services and features that would require extensive programming otherwise, there are some significant security risks that must be understood before cookies are ever implemented into a website.
First, cookies are stored as plaintext on the user's computer. This means anyone can read them at any time from the local machine. This includes a nosy family member, but also includes the user of the website. In other words, web developers can never assume that the cookie data is a place to store sensitive data...
full article: http://www.informit.com/guides/content.asp?g=security&seqNum=232&rl=1
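The following is an added example, not part of the original post or the linked article: it contrasts a handler that trusts account state stored in the cookie with one that keeps the state on the server and puts only a random token in the cookie. The cookie names `user`, `is_admin` and `sid`, and the `SessionStore` class, are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


def parse_cookies(cookie_header: str) -> SimpleCookie:
    """Parse the value of an HTTP Cookie request header."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar


# Weak pattern: the account state lives in the cookie itself. The cookie is a
# plaintext file on the user's machine, so the user (or anyone with access to
# that machine) can read it and change it before it is sent back.
def trusting_handler(cookie_header: str) -> dict:
    jar = parse_cookies(cookie_header)
    return {"user": jar["user"].value, "is_admin": jar["is_admin"].value == "1"}


# Safer pattern: the cookie carries only an unguessable random token. Nothing
# sensitive is readable from it, and editing it yields no valid session.
class SessionStore:
    def __init__(self):
        self._sessions = {}  # token -> server-side account state

    def create(self, user: str, is_admin: bool = False) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = {"user": user, "is_admin": is_admin}
        return token  # sent to the browser as the value of the "sid" cookie

    def handler(self, cookie_header: str):
        jar = parse_cookies(cookie_header)
        if "sid" not in jar:
            return None
        # Any other cookie values are ignored; only the server's record counts.
        return self._sessions.get(jar["sid"].value)


if __name__ == "__main__":
    # Constructed request headers, as a browser would send them.
    print(trusting_handler("user=alice; is_admin=1"))  # edited cookie is believed
    store = SessionStore()
    sid = store.create("alice")
    print(store.handler(f"sid={sid}; is_admin=1"))     # extra field has no effect
    print(store.handler("sid=guessed-value"))          # unknown token: no session
```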