A security review of my application turned up the following.
Application uses Protocol Buffer (protobuff) for their web sessions, but it
is encoded only on base64. Cookies should be protected using an encryption
protocol with unique keys for each cookie and/or a secure session method.
Note: It is a server-side issue, the application is vulnerable because an
attacker could obtain such encoded session data and easily decrypt it.
How does one encode cookies using something other than base64, while still
You received this message because you are subscribed to the Google Groups
"Protocol Buffers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
Visit this group at http://groups.google.com/group/protobuf.
For more options, visit https://groups.google.com/d/optout.