Hi, A security review of my application turned up the following.
Application uses Protocol Buffer (protobuff) for their web sessions, but it is encoded only on base64. Cookies should be protected using an encryption protocol with unique keys for each cookie and/or a secure session method. Note: It is a server-side issue, the application is vulnerable because an attacker could obtain such encoded session data and easily decrypt it. How does one encode cookies using something other than base64, while still using protobuf? Thanks, venkat -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/protobuf. For more options, visit https://groups.google.com/d/optout.
