Set-Cookie/EN: Unterschied zwischen den Versionen
Zeile 14: | Zeile 14: | ||
− | [[Category:Siwecos-Scanner]] | + | [[Category:Siwecos-Scanner/EN]] |
{{:{{PAGENAME}}/Category}} | {{:{{PAGENAME}}/Category}} | ||
[[Category:Glossar]] | [[Category:Glossar]] |
Version vom 13. März 2019, 16:11 Uhr
Check of Set-Cookie
Check | Cookies are not secured. |
Beschreibung | Cookies should be secured by setting the HttpOnly and Secure flags to ensure they cannot be read or altered by others. |
Hintergrund | Checks whether or not cookies are secured. |
Auswirkung | Unsecured cookies can be altered or read through a man-in-the-middle-attack. |
Lösung / Tipps | `httpOnly`-flag: set this so that cookies cannot be accessed by Javascript. You protect session information from being stolen and misused. Whoever owns a session cookie is authenticated.
`secure`-Flag: set this to ensure that cookies are only transmitted across encrypted (https) channels. |