Thursday, November 12, 2009

Cookies safety

Cookies can be accessed from the client side using document.cookie. The information can be tampered by this. In order to avoid misusing this security features Microsoft came up with a solution.

A tag in the web.config file as follows will disable this.

<httpCookies domain="String" httpOnlyCookies="true" requireSSL="false" />

This will limit the attackers to gain access to this sensitive information through Cross Site Scripting (XSS) attacks

No comments:

Post a Comment


Obstacles are those frightful things you see when you take your eyes off your goal.------> by Henry Ford