Posted to rec.crafts.metalworking
DoN. Nichols
New Harbor Freight website has MAJOR security hole!!!

On 2010-05-01, Roger Shoaf wrote:

> "DoN. Nichols" wrote in message
> ...
>
>> If I were generating cookies which could be used to access
>> personal information, I would probably start with the process ID and the
>> unix raw date, with the digits interleaved by some pattern, and then run
>> a MD5 checksum on it to generate the actual cookie numbers. Depending
>> on how serious the stored data was, I would probably toss another few
>> randomizers into the game.
>
> Seems to me (and I am no expert), that the ability to access personal info
> should be blocked from cookie access. To get to that data you should have
> to log in with password and ID. To do it otherwise seems to me to invite
> trouble.


Yes -- but some systems *remember* that you have logged in based
on cookies set for the session time only. HTTP is a "stateless"
protocol, so it can't remember that you are logged in without some kind
of help.

Better would be double-key encryption both ways of course.

Enjoy,
DoN.


--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
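As an added example (not part of the post above), here is the cookie construction described in the quoted paragraph, PID and Unix time with their digits interleaved and then MD5-hashed, beside a session token drawn from the OS CSPRNG, plus a rough count of how many distinct cookies the deterministic scheme can yield for a given PID range and login window. The PID ceiling and the time window are assumed illustrative values, not figures from the thread.

```python
import hashlib
import math
import secrets


def interleave(a: str, b: str) -> str:
    """Interleave two digit strings, appending the tail of the longer one."""
    out = [x + y for x, y in zip(a, b)]
    longer = a if len(a) > len(b) else b
    out.append(longer[min(len(a), len(b)):])
    return "".join(out)


def deterministic_cookie(pid: int, unix_time: int) -> str:
    """The scheme from the quoted post: PID and Unix time, digits interleaved, then MD5.
    Same inputs always give the same cookie, so its secrecy rests entirely on the inputs."""
    return hashlib.md5(interleave(str(pid), str(unix_time)).encode()).hexdigest()


def random_cookie(nbytes: int = 32) -> str:
    """A session token drawn from the OS CSPRNG: 256 bits of entropy for nbytes=32."""
    return secrets.token_urlsafe(nbytes)


def candidate_space(max_pid: int, window_seconds: int) -> int:
    """Distinct cookies the deterministic scheme can produce when the PID is
    below max_pid and the login happened somewhere inside window_seconds."""
    return max_pid * window_seconds


def entropy_bits(candidates: int) -> float:
    """Effective entropy of a token chosen uniformly from `candidates` values."""
    return math.log2(candidates)


if __name__ == "__main__":
    # Constructed sample inputs: a PID and a Unix time around the post's date.
    sample_pid, sample_time = 1234, 1272672000
    print("deterministic:", deterministic_cookie(sample_pid, sample_time))
    print("csprng       :", random_cookie())
    # Assumed illustrative bounds: classic 15-bit PID space, one-day login window.
    space = candidate_space(32768, 86400)
    print(f"deterministic candidates: {space} (~{entropy_bits(space):.1f} bits)")
    print(f"csprng token            : ~{8 * 32} bits")
```

The MD5 step only changes the cookie's appearance; the number of values a defender must assume is guessable stays at PID range times time window, which is why session identifiers should come from a CSPRNG rather than from system state.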