cookies on web sites

chrisalviola

chrisalviola

New Member
i have this web site made in ASP database and i made it secure that the only way to hack the database is by maybe changing the values of the cookies on the client side, so is it posible to change or know the cookies on the client side?
 
check out HTML forums they might be able to help you. sorry i dont know the answer but you could give it ago.

Hope you get it sorted :)
 
Cookies are a .something program that is saved on the client's computer... so I guess there is a way to open it and change what's inside...

For a better answer, here is the forum for webmasters: www.webmaster-talk.com
 
Yes, they can be changed relatively easily by the client, simply by overwriting the current cookie with one of the same name, or editing it. What kind of verification is on your website? From what you are saying it sound's like it's just one thing, such as a username, which by changing that would give you access to another persons account?

You would be best off adding another cookie with the user's password hashed using sha1 or md5, or encrypted. That way the potential hacker would have to also figure out the user's password, but don't store the password as plain text.

Alternatively you may want to look at using sessions, I'm not sure about ASP but in PHP these store the data on the server, and can be accessed in a similar way to cookies.

Lee :)
 
lee101 said:
Yes, they can be changed relatively easily by the client, simply by overwriting the current cookie with one of the same name, or editing it. What kind of verification is on your website? From what you are saying it sound's like it's just one thing, such as a username, which by changing that would give you access to another persons account?

You would be best off adding another cookie with the user's password hashed using sha1 or md5, or encrypted. That way the potential hacker would have to also figure out the user's password, but don't store the password as plain text.

Alternatively you may want to look at using sessions, I'm not sure about ASP but in PHP these store the data on the server, and can be accessed in a similar way to cookies.

Lee :)
Click to expand...

thnks good idea:)
 
You must log in or register to reply here.
Back
Top