Hi,

A security review of my application turned up the following.


Application uses Protocol Buffer (protobuff) for their web sessions, but it 
is encoded only on base64. Cookies should be protected using an encryption 
protocol with unique keys for each cookie and/or a secure session method. 
Note: It is a server-side issue, the application is vulnerable because an 
attacker could obtain such encoded session data and easily decrypt it. 

How does one encode cookies using something other than base64, while still 
using protobuf?

Thanks,

venkat

 

-- 
You received this message because you are subscribed to the Google Groups 
"Protocol Buffers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to protobuf+unsubscr...@googlegroups.com.
To post to this group, send email to protobuf@googlegroups.com.
Visit this group at http://groups.google.com/group/protobuf.
For more options, visit https://groups.google.com/d/optout.

Reply via email to