April 2011
Intermediate to advanced
500 pages
16h 12m
English
Content preview from Developer's Guide to Web Application Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
sensitive information in a cookie.This isn’t always an option, but it’s always wise to
never store more information than is needed in a cookie.
If sensitive data must be stored, the information should be encrypted and trans-
mitted using TLS or SSL. Using SSL, the cookie can be sent encrypted, meaning the
data in the cookie won’t be plain to see if anyone intercepts it. Without TLS or SSL,
someone using a packet sniffer or other tools to view data transmitted across the
network will be unable to read the contents of the cookie.
Certificate Services
A certificate service is the usual implementation of PKI, and is basically an organization
of services sur ...