
Re^3: Exec script within script or import sub...? help plz

by hbo (Monk)
on Jun 21, 2004 at 06:27 UTC (#368374)


in reply to Re^2: Exec script within script or import sub...? help plz
in thread Exec script within script or import sub...? help plz

Cookies are subject to man-in-the-middle attacks, particularly if you use them in non-encrypted communication. CGI::Session uses cookies to keep state between the server and client. The attack isn't easy to do, so it shouldn't be a concern for a low-value target. If you have a high-value target you should be using SSL and keeping the cookie lifetimes short.

I'm actually not sure this is true. This is what I imagine could be done by an attacker that can read the wire between the server and client:

  1. Intercept and extract a cookie from a privileged session.
  2. DoS the genuine client.
  3. Spoof that client's IP and present the ill-gotten cookie to the server.

Step 1 is made harder by encrypting communication. Step 3 could be made easier through understanding of the particular application semantics.

Another possibility is rifling through the browser cache of a (for example) stolen laptop, looking for interesting cookies. Limiting the lifetime of cookies helps protect against that.
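The two mitigations named in the post above (SSL and short cookie lifetimes), as an added example that is not part of the original post. It is a CGI script using CGI::Session and CGI::Cookie; the 15-minute lifetime and the temp-directory session store are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the post. Assumed values: 15-minute lifetime,
# session files kept under the system temp directory.
use strict;
use warnings;
use CGI;
use CGI::Cookie;
use CGI::Session;
use File::Spec;

my $LIFETIME = '+15m';                              # assumed; keep it short
my %STORE    = (Directory => File::Spec->tmpdir);   # assumed storage location

my $q = CGI->new;

# Never issue or accept the session cookie on an unencrypted connection.
unless (($ENV{HTTPS} // '') =~ /^(?:on|1)$/i) {
    print $q->header(-status => '403 Forbidden', -type => 'text/plain'),
          "HTTPS required\n";
    exit;
}

# load() does not create a session; it shows whether the presented ID is
# unknown or has already passed its server-side expiry.
my $session = CGI::Session->load('driver:file', $q, \%STORE)
    or die CGI::Session->errstr;

if ($session->is_expired || $session->is_empty) {
    # A stale or unknown cookie never revives old state: start clean.
    $session = $session->new('driver:file', $q, \%STORE)
        or die CGI::Session->errstr;
}

# Server-side idle expiry: enforced even if a copied cookie shows up later.
$session->expire($LIFETIME);

my $cookie = CGI::Cookie->new(
    -name     => $session->name,   # CGISESSID unless changed
    -value    => $session->id,
    -expires  => $LIFETIME,        # browser drops it after the same interval
    -secure   => 1,                # only ever sent over SSL/TLS
    -httponly => 1,                # not readable from page scripts
    -path     => '/',
);

print $q->header(-type => 'text/plain', -cookie => $cookie),
      "session issued, idle timeout 15 minutes\n";
```

The cookie's `-expires` only asks the browser to discard it; `$session->expire` is what makes the server refuse an old ID regardless of what the client presents.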
