durusmail: quixote-users: Quixote 3
Quixote 3
Titus Brown
2006-03-08
On Tue, Mar 07, 2006 at 03:54:10PM -0800, Mike Orr wrote:
-> On 3/7/06, David Binger wrote:
-> >
-> > On Mar 7, 2006, at 5:05 PM, Mike Orr wrote:
-> >
-> > > TG signs the auth cookie cryptographically to prevent
-> > > session hijack; I don't think Quixote does.
-> >
-> > Can you explain how this provides additional security?
->
-> I don't know; they just thought it was important.  Here's what Jeff
-> Watkins posted when I asked about this:
->
-> Mike, there are two primary reasons for using a unique cookie for the
-> identity framework. The first is that not everyone is going to have
-> the session filter enabled. The second, and far more important reason,
-> is that the identity cookie is signed using an SHA1 hash. This means
-> the cookie is "pretty secure".
->
-> You're unlikely to need to worry about someone spoofing an identity
-> cookie. This means it's unlikely that someone would be able to
-> generate a valid identity cookie. You still have to worry about
-> someone sniffing the cookie and using it. But I have some ideas on
-> that front too. We'll probably see them either post 0.9 or post 1.0.

Signing the cookie is irrelevant as long as the cookie is randomly
generated from a large space, to defeat attempts at randomly duplicating
it.  It's only important if the cookie contains meaningful data.

Some protection that Quixote used to have is tying a cookie to a
specific IP address.  That's about as secure as you're going to get.

--titus
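
As an added example (not part of the original thread, and not Quixote or TurboGears code), the distinction discussed above in Python: an opaque random session id carries no data and needs no signature, a cookie that carries meaningful data needs a MAC, and binding the id to an IP address rejects it when presented from elsewhere. The key, the in-memory store, the function names and the choice of HMAC-SHA256 are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: hypothetical server-side key and in-memory store, illustration only.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}  # opaque session id -> (user, client IP)


def new_opaque_session(user, ip):
    """Random id from a 2**128 space; it holds no data, so nothing needs signing."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = (user, ip)
    return sid


def lookup_opaque_session(sid, ip):
    """Return the user, or None if the id is unknown or comes from another IP."""
    entry = SESSIONS.get(sid)
    if entry is None or entry[1] != ip:
        return None
    return entry[0]


def sign_identity(user):
    """Cookie that carries meaningful data (the user name), so it gets a MAC."""
    mac = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}|{mac}"


def verify_identity(cookie):
    """Return the user if the MAC matches, else None."""
    user, sep, mac = cookie.rpartition("|")
    if not sep:
        return None  # no MAC present at all
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if hmac.compare_digest(mac.encode(), expected.encode()):
        return user
    return None
```

Neither check helps against a cookie sniffed and replayed from the same address, which is the residual risk the quoted message mentions.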