Rob Winch wrote a cool article about why encrypting cookies just isn't enough to keep your app safe. He even provided code to demonstrate the exploit!
http://spring.io/blog/2014/01/20/exploiting-encrypted-cookies-for-fun-and-profit
This just scratches the surface, but is one step to understanding what a good cookie looks like.
No comments:
Post a Comment