On 12/28/2012 02:09 PM, Reindl Harald wrote:
> On 28.12.2012 20:06, Robert Moskowitz wrote:
>> Harald,
>>
>> I am beginning to see what you are doing, through some foggy glasses. Still
>> need to read more, and today was not a reading day. I am struggling to
>> understand the attack space.
>>
>> How can the user submit their cookie over a non-SSL connection when the
>> server redirects everything to https? The only scenario I have come up with
>> is, with the login screen in front of them, the user changes the method to
>> http, enters their data and sends?
>
> Because the browser sends cookies in the HTTP header at the first connect.
> The redirect from the server is also a header of the RESPONSE; at this time
> the cookie was already sent unencrypted.
Ah, such brilliance in overhead reduction.

So your little bit would have to change the cookie content so that the browser is informed that this cookie is only to be sent over a secure connection? The only way I see to stop this behavior is for the cookie to be flagged.
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
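The behavior Harald describes, and the flag Robert is asking about, can be checked without any server at all. The following is an added example, not code from this thread or from Roundcube: it plants two session cookies in a browser-like cookie jar, one set with the `Secure` attribute and one without, and then asks the jar which cookies it would attach to the plaintext http:// request (the one the server answers with its redirect) and to the https:// request that follows. The host name, cookie names and values are made up for the example; nothing is sent over the network, the matching is done locally by Python's `http.cookiejar` using browser-like rules.

```python
"""Why a session cookie needs the Secure attribute even when the server
redirects every http:// request to https://.

Constructed example (not Roundcube code): two cookies are set by a
simulated https:// login response, then the cookie jar is asked which of
them it would send on a plaintext http:// request. The redirect the server
sends back can only be seen after that request, cookies included, has
already left the browser in the clear.
"""
import email.message
import http.cookiejar
import urllib.request

# Hypothetical webmail host and cookie names/values (assumed for the example).
HOST = "webmail.example.org"
SET_COOKIE_HEADERS = [
    "sessid_plain=d1c5f9e2; Path=/; HttpOnly",           # no Secure flag
    "sessid_secure=7a2b9c41; Path=/; HttpOnly; Secure",  # flagged Secure
]


class _FakeResponse:
    """Minimal stand-in for the response object CookieJar.extract_cookies
    expects: it only needs .info() returning the response headers."""

    def __init__(self, set_cookie_headers):
        self._msg = email.message.Message()
        for value in set_cookie_headers:
            self._msg.add_header("Set-Cookie", value)

    def info(self):
        return self._msg


def jar_after_login(set_cookie_headers=SET_COOKIE_HEADERS, host=HOST):
    """Return a CookieJar holding the cookies an https:// login response set."""
    jar = http.cookiejar.CookieJar()
    login_request = urllib.request.Request(f"https://{host}/")
    jar.extract_cookies(_FakeResponse(set_cookie_headers), login_request)
    return jar


def cookies_sent_to(jar, url):
    """Names of the cookies the jar would place in the Cookie header of a
    request for url, sorted. This is the same decision a browser makes
    before the request leaves the machine."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    header = request.get_header("Cookie")
    if not header:
        return []
    return sorted(part.split("=", 1)[0].strip() for part in header.split(";"))


def leaked_on_plaintext_request(jar, host=HOST):
    """Cookies that go out unencrypted on the http:// request, i.e. before
    the server's redirect response exists. Only cookies without the Secure
    attribute appear here."""
    return cookies_sent_to(jar, f"http://{host}/")


if __name__ == "__main__":
    jar = jar_after_login()
    print("sent on http://  :", cookies_sent_to(jar, f"http://{HOST}/"))
    print("sent on https:// :", cookies_sent_to(jar, f"https://{HOST}/"))
```

The unflagged cookie is attached to the http:// request, so the redirect that follows arrives too late to protect it; the cookie carrying `Secure` is withheld on http:// and only attached once the browser talks https://. Setting the flag on the session cookie is therefore the browser-side fix, independent of whatever redirect the server performs.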