
[lwip-devel] [patch #9576] Adding authorization cookie management


From: Giuseppe Modugno
Subject: [lwip-devel] [patch #9576] Adding authorization cookie management
Date: Thu, 1 Mar 2018 06:14:37 -0500 (EST)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36

Follow-up Comment #7, patch #9576 (project lwip):

> Create a single-page web application. 

And this is a limitation.

> Protected data is pulled from the server using javascript, request URI must
> contain ?user=---&pass=---

I know cookies and base64 encoding aren't security technologies, but they are
more "hidden" than a query string. One dummy hacker understands immediately
that you are *continuously* sending the password to the server and has more
possibilities to crack the system.

> , so the server is able to check credentials and grant or deny the request.
> Username and password validity in login form can be checked in a similar
> manner. Credentials can be stored in browser's local storage.
> All of this can work with vanilla httpd.


    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/patch/?9576>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
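
The comment above objects that with the quoted `?user=---&pass=---` scheme the password is part of every request URI, so anything that prints or stores the URI also stores the password. The following is an added example, not part of patch #9576 or of lwIP: a hypothetical helper, `redact_uri_credentials`, that masks those two values before a URI is written to a debug log. The sample URI is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Append n bytes of s to out at *o, always leaving room for the terminator. */
static int put(char *out, size_t out_size, size_t *o, const char *s, size_t n)
{
    if (n >= out_size - *o) return -1;
    memcpy(out + *o, s, n);
    *o += n; out[*o] = '\0';
    return 0;
}

/* Hypothetical helper (not an lwIP API): copy uri into out with the values of
 * the "user" and "pass" query parameters replaced by "***".
 * Returns the number of values masked, or -1 if out is too small. */
int redact_uri_credentials(const char *uri, char *out, size_t out_size)
{
    const char *p = strchr(uri, '?');
    size_t o = 0;
    int masked = 0;
    if (out_size == 0) return -1;
    out[0] = '\0';
    if (p == NULL) return put(out, out_size, &o, uri, strlen(uri)); /* no query */
    if (put(out, out_size, &o, uri, (size_t)(p - uri) + 1) < 0) return -1;
    p++;
    while (*p != '\0') {
        size_t plen = strcspn(p, "&");               /* one key=value pair */
        const char *eq = memchr(p, '=', plen);
        size_t klen = eq ? (size_t)(eq - p) : plen;
        if (eq && klen == 4 && (!memcmp(p, "user", 4) || !memcmp(p, "pass", 4))) {
            if (put(out, out_size, &o, p, klen + 1) < 0 ||  /* keep "key=" */
                put(out, out_size, &o, "***", 3) < 0) return -1;
            masked++;
        } else if (put(out, out_size, &o, p, plen) < 0) {
            return -1;
        }
        p += plen;
        if (*p == '&' && put(out, out_size, &o, p++, 1) < 0) return -1;
    }
    return masked;
}

int main(void)
{
    char line[96]; /* constructed sample URI below */
    int n = redact_uri_credentials("/status.json?user=admin&pass=s3cret&id=7", line, sizeof line);
    printf("%d masked: %s\n", n, line);
    return 0;
}
```

Masking only covers what the device itself prints; the URI is still visible to the browser and to anything else on the path that records requests.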