Wolf in Sheep's Clothing...
by The Architect
(663 views) - 4/22/05
(recorded 4/22/05 @ 9:18:32 PM)
I was browsing the FireFox Extensions list when I found a neat little extension that lets you edit cookies.

Now, when you choose "remember me," the site puts a cute little cookie (chocolate chip, natch) on your system that remembers your ID.

I tried a while back to manually edit it. I tracked down where it was held, went in, tweaked the id from 1 to some other number, and refreshed to see if it'd think I was that other person.

Didn't work.

However, using the cookie editor, I quickly realized I could log in as ANYONE! Drunk with power, I started to... yeah, no, I actually sorta felt a tinge as I thought about any projects for clients of mine that might rely on similar code—fortunately none exist.

Anyway, the stupidity was storing the literal id number. So I tried to change it to another user's id, restarted FireFox, headed here and sure enough, Welcome, Wildfire. Yeah, that's not me.

My quick fix: the cookie now stores an encrypted form of your encrypted password. I use something called md5 to encrypt passwords so that your password is never stored as plain text. But I didn't want even that hash stored on systems, so I encrypt the hash, and compare the result against what's on file to let you log in.
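As an added illustration, not code from this site (the post never shows its own), here is a small Python model of the two designs: the original "remember me" cookie that carries the literal user id, and a hardened cookie that binds the id to a keyed hash (HMAC) over the id and the stored password hash, so an edited id no longer matches and is rejected. The HMAC design is a substitute for the post's "encrypted hash of the password hash" idea, chosen because it needs no decryption on the server; the user table, secret key and password values are constructed for the demo.

```python
import hmac
import hashlib

# Constructed sample user table (not the site's data). Passwords are kept as
# hashes; the hash itself never travels in the cookie.
USERS = {
    1: {"name": "The Architect", "pw_hash": hashlib.sha256(b"salt1:hunter2").hexdigest()},
    2: {"name": "Wildfire",      "pw_hash": hashlib.sha256(b"salt2:correct horse").hexdigest()},
}

# ---- The scheme the post describes as broken: the cookie is just the id ----
def vulnerable_issue_cookie(user_id):
    return str(user_id)

def vulnerable_login_from_cookie(cookie):
    """Trusts whatever id the browser sends back, so any id value logs in as that user."""
    try:
        uid = int(cookie)
    except ValueError:
        return None
    user = USERS.get(uid)
    return user["name"] if user else None

# ---- Hardened scheme: id plus an HMAC that only the server can compute ----
SERVER_SECRET = b"constructed-demo-secret-rotate-in-production"  # assumption: kept server-side

def _tag(user_id, pw_hash):
    # Binding the password hash into the tag means a password change
    # invalidates every outstanding cookie for that account.
    msg = f"{user_id}:{pw_hash}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

def hardened_issue_cookie(user_id):
    return f"{user_id}.{_tag(user_id, USERS[user_id]['pw_hash'])}"

def hardened_login_from_cookie(cookie):
    """Accepts the id only if the accompanying tag verifies against the server secret."""
    try:
        uid_text, tag = cookie.split(".", 1)
        uid = int(uid_text)
    except ValueError:
        return None
    user = USERS.get(uid)
    if user is None:
        return None
    # Constant-time comparison so response timing does not leak how much of the tag matched.
    if not hmac.compare_digest(tag, _tag(uid, user["pw_hash"])):
        return None
    return user["name"]

if __name__ == "__main__":
    cookie = hardened_issue_cookie(1)
    print("valid cookie  ->", hardened_login_from_cookie(cookie))
    edited = "2." + cookie.split(".", 1)[1]          # same tag, different id
    print("edited cookie ->", hardened_login_from_cookie(edited))
```

Editing the id in the vulnerable cookie from 1 to 2 is accepted as Wildfire; the same edit against the hardened cookie fails verification and returns nothing, which is the property the post's fix is reaching for.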

It's much less likely you'll be able to guess a 32 digit code that corresponds with someone else's... Go for it, though:
158 users.
32 digits.
36 available characters, repeating.

Either way, your secret's safe with us, once again.
Notes:
Good, I was afraid you had outed me to the restaurant again...
   [enlite (J:: M) 4/24/05 2:58 AM]

good catch

~Cut and print~
   [noprotein (J:: M) 4/28/05 10:20 PM]