« New Open Source Web Application Scanner Released (Oedipus) | Main | WASC Beerfest in Silicon Valley »

HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0

"I really have some good laughs when I tamper with cookies on my machine and watch the results when it is submitted back to the site. On the other hand, I don’t want any one to do the same to the cookies that I make!

Cookies, most of the times, shouldn’t be in plain text, at least, they should be tamper-proof! Revealing the content of your cookies might give curious and malicious people an idea about your application’s architecture, and that might help hacking it.

ASP.NET encodes and hashes its authorization ticket, making it secure and tamper-proof. However, the methods used to secure authorization cookies are inaccessible from outside the .NET framework libraries, so you can’t protect your own cookie using these methods; you need to protect it yourself using your own encryption key, encoding and hashing algorithms. HttpSecureCookie works around this by accessing the same methods ASP.NET uses for cookie authorization." - Adam Tibi

Article Link: http://www.codeproject.com/aspnet/HttpSecureCookie.asp


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!