Monday, April 27, 2009

Exercise 14: Electronic payments and security II

1. What are cookies and how are they used to improve security?

Because web servers serve pages statelessly, cookies were developed to store information on the user's computer, maintaining the interaction as the user moves between pages within a website and when the user revisits the site. (W3.org)

According to W3.org, cookies carry an attribute that controls where their information is sent: the user's browser returns it only to the originating server/website and not to others. This mechanism prevents the information in cookies from being collected by others.

2. Can the use of cookies be a security risk?

Cookies commonly contain the following information:
a. the session ID or authorization information
b. issue time and date of the cookie
c. time of expiration
d. the IP address of the browser the cookie was issued to
e. a message authenticity check (MAC) code

Although the mechanism prevents the information from being sent to other servers, there is still a security risk when browsing websites. Advertising agents on the internet encourage website holders to post advertisements on their websites. As a result, when a user browses a website that subscribes to the agent, the information is logged in their cookies. The information collected in the cookies, together with the IP address they contain, can be analyzed to learn the user's habits and interests. The privacy of the user is affected.
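As an added example (not part of the original post or of the W3.org FAQ), the code below shows how the cookie fields listed above (session ID, issue time, expiration, client IP and MAC) can be combined so that the server detects a modified, expired or relocated cookie. The field layout, the use of HMAC-SHA256, the key value and the function names `issue_cookie` and `verify_cookie` are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret; this value is constructed for the example.
SECRET_KEY = b"constructed-demo-key-not-for-production"
FIELD_SEP = "|"


def _mac(payload: str) -> bytes:
    """HMAC-SHA256 over the cookie fields, hex encoded."""
    digest = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return digest.encode()


def issue_cookie(session_id: str, client_ip: str, lifetime: int, now: int) -> str:
    """Build 'session|issued|expires|ip|mac' from the fields listed above."""
    fields = [session_id, str(now), str(now + lifetime), client_ip]
    if any(FIELD_SEP in f for f in fields):
        raise ValueError("separator not allowed inside a field")
    payload = FIELD_SEP.join(fields)
    return payload + FIELD_SEP + _mac(payload).decode()


def verify_cookie(cookie: str, client_ip: str, now: int) -> str:
    """Return the session ID if the cookie is authentic, unexpired and
    presented from the IP it was issued to; raise ValueError otherwise."""
    parts = cookie.split(FIELD_SEP)
    if len(parts) != 5:
        raise ValueError("malformed cookie")
    session_id, issued, expires, ip, mac = parts
    payload = FIELD_SEP.join(parts[:4])
    # Check the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(mac.encode(), _mac(payload)):
        raise ValueError("MAC mismatch: cookie was modified")
    if not int(issued) <= now < int(expires):
        raise ValueError("cookie expired or not yet valid")
    if ip != client_ip:
        raise ValueError("cookie presented from a different IP address")
    return session_id


if __name__ == "__main__":
    t0 = int(time.time())
    cookie = issue_cookie("sess-1234", "192.0.2.10", lifetime=900, now=t0)
    print(verify_cookie(cookie, "192.0.2.10", now=t0 + 60))
```

Binding a cookie to the client IP can reject legitimate users whose address changes during a session, so that check is a policy choice rather than a requirement of the MAC itself.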

Reference:
Lincoln D. S., John N. S. (2003), The World Wide Web Security FAQ, Retrieved 27 April 2009 from http://www.w3.org/Security/Faq/wwwsf2.html
