Wolf in Sheep's Clothing...
by The Architect
(recorded 4/22/05 @ 9:18:32 PM)
I was browsing the Firefox Extensions list when I found a neat little extension that lets you edit cookies.
Now, when you choose "remember me," the site puts a cute little cookie (chocolate chip, natch) on your system that remembers your ID.
I tried a while back to manually edit it. I tracked down where it was held, went in, and tweaked the id from 1 to some other number, and tried to refresh to see if it'd think I was that other person.
However, using the cookie editor, I quickly realized I could log in as ANYONE! Drunk with power, I started to... yeah, no, I actually sorta felt a tinge as I thought about any projects for clients of mine that might rely on similar code—fortunately none exist.
Anyway, the stupidity was storing the literal id number. So I tried to change it to another user's id, restarted Firefox, headed here and sure enough, Welcome, Wildfire. Yeah, that's not me.
My quick fix: The cookie now stores an encrypted form of your encrypted password. I use something called MD5 to encrypt passwords so that your password is never stored as plain text. But I didn't want even that hash stored on systems, so I encrypt the hash, and compare and contrast to let you log in.
It's much less likely you'll be able to guess a 32-digit code that corresponds with someone else's... Go for it, though:
36 available characters, repeating.
Either way, your secret's safe with us, once again.
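
An added example, not the site's own code: the literal-id cookie check the post describes, next to a "remember me" check built on a random server-issued token. The token approach is a different technique from the hash-of-a-hash fix in the post; it keeps anything derived from the password out of the cookie and lets the server revoke it. The cookie names `uid` and `remember`, the user table and the in-memory token store are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample data: ids and names are illustrative only.
USERS = {1: "alice", 2: "bob"}
TOKENS = {}  # sha256(token) -> user id; stands in for a server-side table


def login_from_id_cookie(cookie):
    """Weak check: the cookie *is* the user id, so any edited value is trusted."""
    uid = cookie.get("uid", "")
    return USERS.get(int(uid)) if uid.isdigit() else None


def issue_remember_token(uid):
    """Return a random cookie value; only its hash is kept on the server."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    TOKENS[hashlib.sha256(token.encode()).hexdigest()] = uid
    return token


def login_from_token_cookie(cookie):
    """Hardened check: the cookie must match a token the server issued."""
    digest = hashlib.sha256(cookie.get("remember", "").encode()).hexdigest()
    return USERS.get(TOKENS.get(digest))


def revoke_tokens(uid):
    """Drop every token for a user, e.g. on logout or password change."""
    for digest in [d for d, u in TOKENS.items() if u == uid]:
        del TOKENS[digest]


if __name__ == "__main__":
    # An edited id cookie is accepted as the other account.
    print(login_from_id_cookie({"uid": "2"}))
    # A token cookie only works if the server handed it out.
    cookie_value = issue_remember_token(1)
    print(login_from_token_cookie({"remember": cookie_value}))
    print(login_from_token_cookie({"remember": "2"}))
    # After revocation the old cookie value is worthless.
    revoke_tokens(1)
    print(login_from_token_cookie({"remember": cookie_value}))
```
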