1. Why do cookies need to be tamper-proof?

An important reason cookies must be tamper-proof is that the cookie stores the session ticket (the SessionID) and some user information, which together identify the session of the currently logged-in user. When an HTTP request is made, the request header carries a Cookie containing the SessionID. The back-end service looks up the current session by that SessionID; if the session exists, the requesting user is logged in, and the server returns the requested data to the browser according to that user's permissions.

Because cookies are stored on the client side, users can modify them at will, so they carry certain security risks.

2. An example

The username example is only meant to explain the concept as simply as possible; no real project would do this, as you know.

  1. The user wall enters a user name and password in the browser and sends a POST request to the back-end server. The back-end server validates them, returns a Response, and sets Set-Cookie: sessionid=***; username=wall;.
  2. After receiving the HTTP response, the browser stores the Set-Cookie value in local memory or on disk.
  3. The browser sends another request carrying the Cookie sessionid=***; username=wall; to modify the profile picture.
  4. The server verifies from sessionid that the current user is logged in, looks up the corresponding record in the database by username, and modifies the profile picture.

If the current user understands what username does, they can change username to pony. After receiving the request, the server then modifies the data of the user whose username is pony. This exposes data to the risk of malicious tampering.

3. Tamper-proof signature

The server generates a signature for each Cookie entry. If the user tampers with the cookie, its content no longer matches the signature, which lets the server determine whether the data has been tampered with.

The principle is as follows:

  • The server provides a signature generation algorithm secret.
  • It generates a signature from the content with that algorithm: secret(wall)=34Yult8i.
  • It puts the generated signature into the corresponding Cookie entry: username=wall|34Yult8i. Here the content and the signature are separated by |.
  • Based on the received content and signature, the server verifies whether the content has been tampered with.

Here’s an example:

For example, if the server receives the Cookie entry username=pony|34Yult8i in a request, it runs the signature generation algorithm: secret(pony)=666. Since the signature 666 computed by the algorithm does not match the signature 34Yult8i carried in the request, the data has been tampered with.
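As an added example (not code from the original article), here is how the scheme above can be implemented with an HMAC: the article's secret algorithm is played by HMAC-SHA256 under a server-side key SECRET_KEY, which is a constructed value for this demonstration.

```python
import hmac
import hashlib
from typing import Optional

# Constructed secret for this example; in practice load it from a secret store,
# never from the cookie or from code visible to the client.
SECRET_KEY = b"example-server-secret-do-not-reuse"

# Separator between content and signature, as in the article (username=wall|34Yult8i).
SEPARATOR = "|"


def sign_value(value: str, key: bytes = SECRET_KEY) -> str:
    """Return the hex HMAC-SHA256 of value; this plays the role of secret(wall)."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def make_signed_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Build the cookie value 'content|signature' that the server sets."""
    if SEPARATOR in value:
        # A separator inside the content would make parsing ambiguous.
        raise ValueError("cookie content must not contain the separator")
    return f"{value}{SEPARATOR}{sign_value(value, key)}"


def verify_signed_cookie(cookie_value: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the content if its signature matches, else None (tampered or malformed)."""
    content, sep, received_sig = cookie_value.rpartition(SEPARATOR)
    if not sep:
        return None  # no signature present at all
    expected_sig = sign_value(content, key)
    # compare_digest avoids leaking timing information about the signature.
    if not hmac.compare_digest(expected_sig, received_sig):
        return None
    return content


if __name__ == "__main__":
    cookie = make_signed_cookie("wall")              # e.g. wall|3f9c...
    print("issued  :", cookie)
    print("verified:", verify_signed_cookie(cookie))  # wall
    # The client rewrites the content but keeps the old signature, as in the article.
    tampered = "pony" + SEPARATOR + cookie.split(SEPARATOR, 1)[1]
    print("tampered:", verify_signed_cookie(tampered))  # None
```

Because the signature is an HMAC, a client that does not hold SECRET_KEY cannot compute a valid signature for pony, which is what makes the scheme useful rather than a plain checksum.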

4. Protection of sensitive data

In view of the security risks of cookies, avoid storing sensitive data in cookies. Sensitive data should be stored on the back end, keyed by the SessionID; to obtain it, query the back-end server with the SessionID. In addition, for important Cookie entries, generate corresponding signatures to prevent malicious tampering.
