I was listening to the Stack Overflow podcast (I think it was episode 52). Jeff said how they came up with some kind of authorization mechanism, where they encrypted the credentials in the cookie that they sent to the client. Apparently, someone that Jeff knew could find a hole in this and was able to log in with whatever code he wanted.
In the podcast, he did not go into details, but it aroused my interest. I am one of those people who assume that if you encrypt your cookie information, then it cannot be vulnerable. Has anyone listened to this episode and/or knows what possible hole you would open with this solution?
Thanks, NCAGE