From 29d40192ed3dc0085b5e513ec071c81e03e95d3b Mon Sep 17 00:00:00 2001
From: xue <>
Date: Thu, 23 Mar 2006 13:25:09 +0000
Subject: Reorganized quickstart tutorial.

---
 .../protected/pages/Security/Cookie.page           | 42 ----------------------
 1 file changed, 42 deletions(-)
 delete mode 100644 demos/quickstart/protected/pages/Security/Cookie.page

(limited to 'demos/quickstart/protected/pages/Security/Cookie.page')

diff --git a/demos/quickstart/protected/pages/Security/Cookie.page b/demos/quickstart/protected/pages/Security/Cookie.page
deleted file mode 100644
index 6e95e380..00000000
--- a/demos/quickstart/protected/pages/Security/Cookie.page
+++ /dev/null
@@ -1,42 +0,0 @@
-<com:TContent ID="body" >
-
-<h1>Cookie Attack Prevention</h1>
-<p>
-Protecting cookies from being attacked is of extreme important, as session IDs are commonly stored in cookies. If one gets hold of a session ID, he essentially owns all relevant session information.
-</p>
-<p>
-There are several countermeasures to prevent cookies from being attacked.
-</p>
-<ul>
-  <li>An application can use SSL to create a secure communication channel and only pass the authentication cookie over an HTTPS connection. Attackers are thus unable to decipher the contents in the transferred cookies.</li>
-  <li>Expire sessions appropriately, including all cookies and session tokens, to reduce the likelihood of being attacked.</li>
-  <li>Prevent <a href="?page=Security.XSS">cross-site scripting (XSS)</a> which causes arbitrary code to run in a user's browser and expose his cookies.</li>
-  <li>Validate cookie data and detect if they are altered.</li>
-</ul>
-<p>
-Prado implements a cookie validation scheme that prevents cookies from being modified. In particular, it does HMAC check for the cookie values if cookie validation is enable.
-</p>
-<p>
-Cookie validation is disabled by default. To enable it, configure the <tt>THttpRequest</tt> module as follows,
-</p>
-<com:TTextHighlighter Language="xml" CssClass="source">
-<modules>
-  <module id="request" class="THttpRequest" EnableCookieValidation="true" />
-</modules>
-</com:TTextHighlighter>
-<p>
-To make use of cookie validation scheme provided by Prado, you also need to retrieve cookies through the <tt>Cookies</tt> collection of <tt>THttpRequest</tt> by using the following PHP statements,
-</p>
-<com:TTextHighlighter CssClass="source">
-foreach($this->Request->Cookies as $cookie)
-    // $cookie is of type THttpCookie
-</com:TTextHighlighter>
-<p>
-To send cookie data encoded with validation information, create new <tt>THttpCookie</tt> objects and add them to the <tt>Cookies</tt> collection of <tt>THttpResponse</tt>,
-</p>
-<com:TTextHighlighter CssClass="source">
-$cookie=new THttpCookie($name,$value);
-$this->Response->Cookies[]=$cookie;
-</com:TTextHighlighter>
-
-</com:TContent>
\ No newline at end of file
-- 
cgit v1.2.3