- Posted on
- cookies security tidbit
February 21, 2006, 6:26 pm
vulnerabilities/exploits, I noticed that so-called "poisoned cookies"
are sometimes used. That reminded me of an ancient trick we used
to play with Netscape where we would make cookies.txt a read-only
file. The idea is to first get that file the way you want it. In my
case, the only cookie I need is one from my mutual fund.
The procedure for Firefox I used is:
1. Tools - Options - Privacy - Cookies tab
2. Delete cookies
3. Uncheck "Allow sites to Set Cookies"
4. Select "Exceptions"
5. Enter the url and select "Allow"
6. Go to the url to set the cookie
To make sure no malicious web site can alter your cookies.txt
file, locate it using Windows Explorer and click on "Properties".
Check "Read Only". While you're at it, you can view it in Notepad
to verify that only the cookie(s) you want are included, and no
others. You may have some problem locating the folder that the
particular cookies.txt file that's active for FF is in. It will be in
some .... \Firefox\Profiles\xxxxxxxx.default
where xxxxxxxx are eight random characters. FF seems to
create multiple starting paths on the NT-based OS to allow for
the various ways you can log in. So that, plus the fact that
you may have other cookies.txt files besides the ones for
FF, can make it a bit difficult to track down the particular active
FF cookies.txt file. So be careful to check and verify.
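
The "check and verify" step described above can be scripted. The following is an added example, not part of the original post: it assumes the cookies.txt file uses the tab-separated Netscape layout, and the domains and cookie values in the sample are constructed for illustration.

```python
import os
import stat

# Constructed sample in the Netscape cookies.txt layout (7 tab-separated fields):
# domain, subdomain flag, path, secure flag, expiry, name, value.
SAMPLE = "\n".join([
    "# HTTP Cookie File",
    "\t".join(["www.funds.example", "FALSE", "/", "TRUE", "1200000000", "session", "abc123"]),
    "\t".join([".tracker.example", "TRUE", "/", "FALSE", "1200000000", "uid", "42"]),
]) + "\n"

def parse_cookies_txt(text):
    """Return one dict per cookie line; skip comments, blanks and malformed lines."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue
        domain, _flag, path, secure, expiry, name, value = fields
        cookies.append({"domain": domain, "path": path, "secure": secure == "TRUE",
                        "expiry": expiry, "name": name, "value": value})
    return cookies

def unexpected_cookies(cookies, allowed_domains):
    """Cookies whose domain is neither an allowed domain nor a subdomain of one."""
    allowed = [d.lower().lstrip(".") for d in allowed_domains]
    def ok(domain):
        host = domain.lower().lstrip(".")
        return any(host == a or host.endswith("." + a) for a in allowed)
    return [c for c in cookies if not ok(c["domain"])]

def is_read_only(path):
    """True when no owner-write bit is set; on Windows this is the Read Only attribute."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)

def audit(path, allowed_domains):
    """Report whether the file is read-only and which cookies are not on the allow list."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        cookies = parse_cookies_txt(fh.read())
    return {"read_only": is_read_only(path),
            "unexpected": unexpected_cookies(cookies, allowed_domains)}

if __name__ == "__main__":
    import sys
    # Usage: python audit_cookies.py <path to cookies.txt> <allowed domain> ...
    report = audit(sys.argv[1], sys.argv[2:])
    print("read-only:", report["read_only"])
    for c in report["unexpected"]:
        print("unexpected cookie:", c["domain"], c["name"])
```

Running it against each candidate cookies.txt also helps identify which file is the active one, since only that file will contain the cookie from the allowed site.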