•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Database Design section within the Web Development category of DaniWeb, a massive community of 360,994 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,489 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Database Design advertiser:
Views: 7046 | Replies: 5
 |
•
•
Join Date: Jan 2004
Location: new yawk
Posts: 38
Reputation: 
Rep Power: 5
Solved Threads: 0
Light Poster
Is it easy or even possible for a user to create a cookie on his own and use it on a site that uses authentication with cookies?
Dominick@tech-lounge.com
www.tech-lounge.com
www.v-dommi.net
www.tech-lounge.com
www.v-dommi.net
•
•
Join Date: Jan 2004
Location: Ireland
Posts: 61
Reputation:
Rep Power: 5
Solved Threads: 0
Junior Poster in Training
Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
•
•
Join Date: Jan 2004
Location: new yawk
Posts: 38
Reputation:
Rep Power: 5
Solved Threads: 0
Light Poster
easy enough. thanks for the quick reply
Dominick@tech-lounge.com
www.tech-lounge.com
www.v-dommi.net
www.tech-lounge.com
www.v-dommi.net
•
•
Join Date: Jan 2004
Location: Netherlands
Posts: 152
Reputation:
Rep Power: 6
Solved Threads: 2
vBulletin.com Staff
It depends on the poorly written code, but it is quite possible to spoof cookies and even steal them remotely using xss
:cheesy: a vBulletin fan community @ vBulletin.nl :cheesy:
•
•
Join Date: Apr 2006
Posts: 1
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
•
•
•
•
Originally Posted by Redshift
Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
Ok, supposing I have all the cookies I need for cookie authentication, and I'm trying to run some php scripts on one site that will read in other php-generated pages. The problem I'm getting is that the site I'm grabbing from is not recognizing their own cookies or something. I have the required cookies set on my computer for that site, and I have identical ones set on the site I'm trying to run my script on. Do I have to be trying to do this from a server, or at least a computer than can run php?
Ideas?
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb Database Design Marketplace
Linear Mode
- Red Sheriff tracking cookie (Web Browsers)
- cookie matter (Database Design)
Other Threads in the Database Design Forum
- Previous Thread: Database Design - Supertypes and Subtypes
- Next Thread: A few things i dont understand
