author: xue <> 2006-02-12 02:03:44 +0000
committer: xue <> 2006-02-12 02:03:44 +0000
commit: 4a8eaa0c101489e7a7ad1d87b86d2ee60a1b9caa (patch)
tree: bdf1c79610eed7c591f5bf227d1139403968d6b6
parent: 42126e88ba1e3508e2c5a36e49c23bfaf4a4262c (diff)
Added cookie protection tutorial.
-rw-r--r--  .gitattributes  1
-rw-r--r--  demos/quickstart/protected/pages/Security/Cookie.page  15
2 files changed, 16 insertions, 0 deletions
diff --git a/.gitattributes b/.gitattributes index 9a66425d..3d554c69 100644 --- a/.gitattributes +++ b/.gitattributes @@ -221,6 +221,7 @@ demos/quickstart/protected/pages/GettingStarted/Installation.page -text demos/quickstart/protected/pages/GettingStarted/Introduction.page -text demos/quickstart/protected/pages/GettingStarted/Upgrading.page -text demos/quickstart/protected/pages/Security/Auth.page -text +demos/quickstart/protected/pages/Security/Cookie.page -text demos/quickstart/protected/pages/Security/ViewState.page -text demos/quickstart/protected/pages/Security/XSS.page -text demos/quickstart/protected/pages/ViewSource.page -text diff --git a/demos/quickstart/protected/pages/Security/Cookie.page b/demos/quickstart/protected/pages/Security/Cookie.page new file mode 100644 index 00000000..e042f894 --- /dev/null +++ b/demos/quickstart/protected/pages/Security/Cookie.page @@ -0,0 +1,15 @@ +<com:TContent ID="body" >
+
+<h1>Cookie Attack Prevention</h1>
+<p>
+Protecting cookies from being attacked is of extreme important, as session IDs are commonly stored in cookies. If one gets hold of a session ID, he essentially owns all relevant session information.
+</p>
+<p>
+There are several countermeasures to prevent cookies from being attacked.
+</p>
+<ul>
+ <li>An application can use SSL to create a secure communication channel and only pass the authentication cookie over an HTTPS connection. Attackers are thus unable to decipher the contents in the transferred cookies.</li>
+ <li>Expire sessions appropriately, including all cookies and session tokens, to reduce the likelihood of being attacked.</li>
+ <li>Prevent <a href="?page=Security.XSS">cross-site scripting (XSS)</a> which causes arbitrary code to run in a user's browser and expose his cookies.</li>
+ <li>Validate cookie data and detect if they are altered. By default, Prado validates the cookie data to ensure they are not altered.</li>
+</ul>
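Review bot: the `<com:TContent ID="body" >` opened on the first added line of Cookie.page is never closed within the 15 lines this hunk adds; the file ends at `+</ul>`, so a closing `</com:TContent>` line should follow it. The first paragraph also has a typo: "is of extreme important" should read "is of extreme importance". On the content, the SSL bullet promises that the authentication cookie is only passed over HTTPS, but a cookie set without the Secure attribute is still sent by the browser on any plain http:// request to the same host, so the bullet should say that the cookie has to be flagged Secure for the claim to hold; the XSS bullet could likewise mention the HttpOnly attribute, which keeps page script from reading the cookie even when an injection gets through. Finally, the last bullet should make clear that the validation Prado applies by default only detects tampering with cookie contents; it does not prevent a stolen session ID from being replayed, which is the threat the opening paragraph describes, and a pointer to where that validation is configured would help readers of a tutorial page.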