If there is no obvious reason, it could always be a "firesheep" attack. Essentially, this attack steals/clones your cookies, which steals a session. More details here:
http://en.wikipedia.org/wiki/Firesheep

For the end-user, the easiest way to help prevent this is with an extension called https-everywhere. https://www.eff.org/https-everywhere This add-on essentially forces the browser to use SSL as much as possible, which will keep the cookies encrypted as well. (Note, not every site is supported...)

As developers we can help prevent issues like this by using the httponly and secure attributes of cookies. Httponly helps prevent the theft of cookies through XSS attacks. Essentially, when you set a cookie, httponly does not allow JavaScript to read the cookie. The secure attribute primarily helps when your site is all SSL. It only allows the cookie to be used through SSL connections. (i.e. if you are directed to an unencrypted page, the cookie will not be sent.)

Links for more info:
http://www.petefreitag.com/item/764.cfm
http://www.adobe.com/devnet/coldfusion/articles/coldfusion-securing-apps.html
http://www.jalpino.com/index.cfm/event/read/entry/Securing_CFID_CFToken_and_JSessionID_cookies
http://stackoverflow.com/questions/1048436/forcing-httponly-cookies-with-jrun-coldfusion

On 06/02/2012 09:16 AM, Peyton Todd wrote:

-------------------------------------------------------------
To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
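As an added example (not code from the original post or from any of the linked articles), a small audit of Set-Cookie headers that flags the ColdFusion session cookies named in the links above (CFID, CFTOKEN, JSESSIONID) when they lack the httponly or secure attribute the message recommends; the sample headers are constructed, not captured from a real server.

```python
# Constructed sample Set-Cookie headers (not real captures), modelled on the
# ColdFusion/JRun session cookies the thread links to.
SAMPLE_HEADERS = [
    "CFID=12345; Path=/",                              # neither attribute
    "CFTOKEN=67890; Path=/; HttpOnly",                 # missing Secure
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly",     # hardened
    "theme=dark; Path=/",                              # not a session cookie
]

# Cookie names treated as session identifiers (assumption for this example).
SESSION_COOKIE_NAMES = {"CFID", "CFTOKEN", "JSESSIONID"}


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, {attribute_lower: value}).

    Attribute names are case-insensitive per RFC 6265, so they are lowered;
    flag attributes such as HttpOnly and Secure map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header, session_names=SESSION_COOKIE_NAMES):
    """Return a list of findings for one header; an empty list means it passes.

    Only cookies in session_names are checked: leaking a theme preference is
    harmless, leaking a session id hands the session to whoever reads it.
    """
    name, attrs = parse_set_cookie(header)
    findings = []
    if name not in session_names:
        return findings
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable by script, so XSS can steal it)")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (sent over plain HTTP, so it can be sniffed)")
    return findings


def audit_headers(headers):
    """Run audit_cookie over every Set-Cookie header and collect the findings."""
    findings = []
    for header in headers:
        findings.extend(audit_cookie(header))
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```

In practice you would feed it the Set-Cookie headers from a login response; any finding means the cookie in question is exposed to exactly the script-based or sniffing theft the message describes.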
