473,494 Members | 2,027 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Cookies - Detection

MDW
Say I've got a site - www.mysite.com - that uses cookies
to store data. Is there any way that someone from another
site - www.imahacker.com - to create a cookie on a client
machine that www.mysite.com would think it owns?

Or could someone who knows how cookies work use Notepad
and create a facsimile cookie that www.mysite.com would be
fooled into thinking it created?

Just a theoretical question, really...
Jul 19 '05 #1
5 1713
> Say I've got a site - www.mysite.com - that uses cookies
to store data. Is there any way that someone from another
site - www.imahacker.com - to create a cookie on a client
machine that www.mysite.com would think it owns?
No.
Or could someone who knows how cookies work use Notepad
and create a facsimile cookie that www.mysite.com would be
fooled into thinking it created?


I don't think this is very likely...
Jul 19 '05 #2
MDW
I didn't think so.

Thanks.
-----Original Message-----
Say I've got a site - www.mysite.com - that uses cookies
to store data. Is there any way that someone from another site - www.imahacker.com - to create a cookie on a client machine that www.mysite.com would think it owns?


No.
Or could someone who knows how cookies work use Notepad
and create a facsimile cookie that www.mysite.com would be fooled into thinking it created?


I don't think this is very likely...
.

Jul 19 '05 #3
You are indeed able to specify the domain at which a cookie is set. So, if a
person surfs to imahacker.com, that site can put a cookie on their system
with a domain of mysite.com

"MDW" <mw********@go.com> wrote in message
news:77****************************@phx.gbl...
Say I've got a site - www.mysite.com - that uses cookies
to store data. Is there any way that someone from another
site - www.imahacker.com - to create a cookie on a client
machine that www.mysite.com would think it owns?

Or could someone who knows how cookies work use Notepad
and create a facsimile cookie that www.mysite.com would be
fooled into thinking it created?

Just a theoretical question, really...

Jul 19 '05 #4
> You are indeed able to specify the domain at which a cookie is set. So, if
a
person surfs to imahacker.com, that site can put a cookie on their system
with a domain of mysite.com


This sounds like a very theoretical assertion. Have you actually tried
this? I have, and it doesn't work... even if it did, it's working the wrong
way around... for a site like imahacker.com to get any useful information
from the user, www.legitimatesite.com would have to knowingly and
intentionally create an "imahacker.com" cookie...
Jul 19 '05 #5
Its the other way around. In a test, I have set a cookie for site B in site
A. What this has the potential to do is set cookies for another site, thus
screwing with the user's normal data. I am not a fan of cookies, and found
this glaring hole some time back. It does has some use for failover setups,
but I am not a fan of it.

"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote in message
news:uP**************@TK2MSFTNGP12.phx.gbl...
You are indeed able to specify the domain at which a cookie is set. So, if
a
person surfs to imahacker.com, that site can put a cookie on their
system with a domain of mysite.com


This sounds like a very theoretical assertion. Have you actually tried
this? I have, and it doesn't work... even if it did, it's working the

wrong way around... for a site like imahacker.com to get any useful information
from the user, www.legitimatesite.com would have to knowingly and
intentionally create an "imahacker.com" cookie...

Jul 19 '05 #6
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
2138
cookies appearing in browser
by: Mark Ennis | last post by:
Hi! I have a php website that is showing cookies on screen instead of processing them. When I do a 'view source' I get the following: --- Set-Cookie: newsflashcookie=OA%3D%3D Set-Cookie:...
PHP
60
7200
User Agent Detection Logic
by: Fotios | last post by:
Hi guys, I have put together a flexible client-side user agent detector (written in js). I thought that some of you may find it useful. Code is here: http://fotios.cc/software/ua_detect.htm ...
Javascript
6
4738
Opera <NOSCRIPT> will be executed...Flash detection
by: Gustav Medler | last post by:
Hello, there is a known problem with Opera and the execution of content shown in <NOSCRIPT> tag. Everythings works fine, if there is only one simple script like:...
Javascript
4
2533
Writing cookies from ASP with spaces and hyphens
by: Robin Briggs | last post by:
Hi. I have an ASP (3.0, not .NET) app that writes cookies with hyphens and spaces in the names and values. If I had the control over the apps that will be looking for these cookies, I would...
ASP / Active Server Pages
8
4527
Browser version detection: How?
by: R. Smits | last post by:
I've have got this script, the only thing I want to be changed is the first part. It has to detect IE version 6 instead of just "Microsoft Internet Explorer". Can somebody help me out? I tried...
Javascript
9
3047
Detecting if Browser Accepts Cookies & JavaScript
by: SHarris | last post by:
Hello, In our new intranet ASP.NET project, two requirements are that the browser accept cookies AND JavaScript. We are requiring the use of Internet Explorer 6+. 1. Using C# in an ASP.NET...
ASP.NET
24
2391
FAQ Topic - How can I see in javascript if a web browser accepts cookies?
by: FAQ server | last post by:
----------------------------------------------------------------------- FAQ Topic - How can I see in javascript if a web browser accepts cookies?...
Javascript
0
1895
Intrusion Detection Strategies
by: origami.takarana | last post by:
Intrusion Detection Strategies ----------------------------------- Until now, we’ve primarily discussed monitoring in how it relates to intrusion detection, but there’s more to an overall...
Microsoft SQL Server
10
3231
Feature detection vs browser detection
by: Conrad Lender | last post by:
In a recent thread in this group, I said that in some cases object detection and feature tests weren't sufficient in the development of cross-browser applications, and that there were situations...
Javascript
0
7119
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
6989
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7195
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
7367
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
5453
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
3088
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3078
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1400
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
285
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us