In the system that I'm working on, we have some session cookies
on the client side that we need to protect against replay attacks!
So I found the following paper
http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf and I
really like the way that they put things together. There is only one
problem with this, and that is the use of the SSL session key (this is used
for anti-replay purposes). I have some problems getting this parameter
in my code (we use the .NET Framework and the server is running on
IIS 7.0). So I was wondering whether anybody on the list has implemented
this method for his/her system and whether you have a suggestion for
replacing this parameter with another one.
BTW, I know that server-side sessions are more secure than client-side
cookies, but my team currently prefers cookies to sessions.
Thanks
Saghar