<p>The consensus seems to be that they still aren't ready to be used yet. <a href="https://stackoverflow.com/questions/577191/what-is-the-current-state-of-the-cookie2-specification">Some of the reasons for that are mentioned here</a> and mostly relate to browser compliance.</p>
<hr>
<p>However, on a hunch, I suspect your motive for asking this might relate to the session hijacking problem that has been brought into the limelight by applications like <a href="http://codebutler.com/firesheep" rel="nofollow noreferrer">FireSheep</a>.</p>
<p>If that's the case, I came across an interesting paper proposing a solution to the problem called OTCs (one-time cookies). It might be worth a read. Its title is <a href="http://docs.google.com/viewer?a=v&amp;q=cache:EFLdbF7iMyYJ:smartech.gatech.edu/bitstream/handle/1853/37000/GT-CS-11-04.pdf%3Fsequence%3D1+rfc+2965+%22ready+for+use%22+%22one-time%22&amp;hl=en&amp;gl=us&amp;pid=bl&amp;srcid=ADGEESh-TFfx-z7lyHA1b3YTu23y_kp4ykYf0fUW5Jg5H9CtI1Y7ho72I16LkME7nuT-CoxX35T3RQ1F9CObmSAbg-bC8qzA3wsgygsp5R940EGQ4FZ2DkHTdngt8rT0NTp44Hkau1Ls&amp;sig=AHIEtbTqZ_yE9-xLBVODtdQffboz7uRiDg" rel="nofollow noreferrer">One-Time Cookies: Preventing Session Hijacking Attacks with Disposable Credentials</a> and it's from 4 PhD students at Georgia Tech.</p>
<p>(In case that Google Docs link doesn't work, here's <a href="http://smartech.gatech.edu/bitstream/handle/1853/37000/GT-CS-11-04.pdf?sequence=1" rel="nofollow noreferrer">a direct link to the PDF</a>.)</p>
<p>In summary, it basically concludes:</p>
<blockquote><p>While completely replacing HTTP with HTTPS will improve the overall security of the Web, it can be a challenging and complex project for some web applications . . . As a result, many web applications will remain vulnerable while site-wide HTTPS is being deployed, a process that is likely to take several years.</p></blockquote>
<p>...</p>
<blockquote><p>By relying on a well-known cryptographic construction such as hash chains, OTC creates disposable authentication tokens that cannot be reused, providing more robust session integrity . . . OTC is considerably more efficient than HTTPS and has approximately the same performance as current cookie-based mechanisms.</p></blockquote>
<p>It's a very interesting read. I hope that helps someone in some way,</p>
<p>~gMale</p>
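As an added illustration (not code from the answer above, and not the paper's actual OTC protocol), here is a toy hash-chain token scheme in Python showing why a token captured off the wire cannot be replayed: the server stores only the current chain tip, and each request reveals the preimage of that tip, which then becomes the new tip. The Client/Server classes, the chain length and the choice of SHA-256 are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    """One step of the hash chain (SHA-256 chosen for this sketch)."""
    return hashlib.sha256(data).digest()


class Client:
    """Holds the secret seed and walks the chain backwards, one token per request."""

    def __init__(self, chain_length: int):
        self.seed = secrets.token_bytes(32)   # never leaves the client
        self.remaining = chain_length

    def _nth(self, n: int) -> bytes:
        x = self.seed
        for _ in range(n):
            x = h(x)
        return x

    def anchor(self) -> bytes:
        # Chain tip H^n(seed); sent once over an authenticated channel (e.g. login over HTTPS).
        return self._nth(self.remaining)

    def next_token(self) -> bytes:
        # Each token is the preimage of the one sent before it; after n tokens the chain is spent.
        if self.remaining == 0:
            raise RuntimeError("hash chain exhausted; re-authenticate to obtain a new anchor")
        self.remaining -= 1
        return self._nth(self.remaining)


class Server:
    """Stores only the current tip; a valid token must hash to it and then replaces it."""

    def __init__(self, anchor: bytes):
        self.tip = anchor

    def verify(self, token: bytes) -> bool:
        if not hmac.compare_digest(h(token), self.tip):
            return False          # replayed, stale or forged token
        self.tip = token          # advance: the accepted token can never be accepted again
        return True
```

A captured token is useless to an eavesdropper because the server has already moved past it, and producing the next token would require inverting the hash.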