[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [patch #9576] Adding authorization cookie management

From: Giuseppe Modugno
Subject: [lwip-devel] [patch #9576] Adding authorization cookie management
Date: Thu, 1 Mar 2018 06:14:37 -0500 (EST)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36

Follow-up Comment #7, patch #9576 (project lwip):

> Create a single-page web application. 

And this is a limitation.

> Protected data is pulled from the server using javascript, request URI must
contain ?user=---&pass=---

I know cookies and base64 encoding aren't security technologies, but they are
more "hidden" than a query string. One dummy hacker understand immediately
that you are *continuously* sending password to the server and have more
possibilities to crack the system.

> , so the server is able to check credentials and grant or deny the request.
Username and password validity in login form can be checked in a similar
manner. Credentials can be stored in browser's local storage. 
> All of this can work with vanilla httpd.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]