LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-17-2008, 09:35 AM   #1
Eternal_Newbie
Member
 
Registered: Jun 2005
Location: The Pudding Isles
Distribution: Slackware 13.37
Posts: 573

Rep: Reputation: 59
"Secure" servers leaving cookies on my machine, am I worried about nothing? SOLVED


Hi, this is not a question about security on my machine per se, but rather a more general one. I hope that this is the correct forum.

I was cleaning up my cookies like I regularly do (FF 2.0.0.11, Slackware-current, if that's of interest), when I noticed several cookies that as far as I can tell are from servers I almost exclusively connect to using https. Some even were of the form "secure0.websitename.com" .

My question I guess, is isn't it lax for a secure server to be leaving cookies on your machine? Have I been reading too many scare stories about cookies, or is it one of those "1 factor security" or "security through insanity" systems they talk about at The DailyWTF.

Last edited by Eternal_Newbie; 01-17-2008 at 10:31 AM. Reason: Answed to my satisfaction.
 
Old 01-17-2008, 09:54 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
There's no reason why you shouldn't have cookies from HTTPS sites. HTTPS is just HTTP tunnelled inside SSL. If a site requires the use of cookies in order to work right, it will almost certainly require them regardless of whether you use HTTP or HTTPS.

EDIT: Sorry, I think I had misunderstood your question. I think you were asking about HTTPS sites which don't clear their cookies when you log-out and stuff, right? In those cases, I think the danger really depends on the cookie - or more specifically - the information contained within it. There must also be server-side techniques to make things like cookie-theft hard to accomplish, as evidenced by a serious cookie problem Gmail had (and fixed) a while back.

Last edited by win32sux; 01-17-2008 at 10:14 AM.
 
Old 01-17-2008, 10:18 AM   #3
Eternal_Newbie
Member
 
Registered: Jun 2005
Location: The Pudding Isles
Distribution: Slackware 13.37
Posts: 573

Original Poster
Rep: Reputation: 59
Yes, That's what I was wondering, why they didn't clear their cookies when I log out. I could have stated it a bit more clearly. It's probably poor housekeeping, as you say. I suppose I will just have to check my cookies more regularly. Thanks for the reply.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Displaying "MyComputer", "Trash", "Network Servers" Icons On A GNOME Desktop LXer Syndicated Linux News 0 04-02-2007 08:31 AM
LXer: Why EnGarde Secure Linux is "Secure By Design" LXer Syndicated Linux News 0 10-10-2006 12:21 AM
I'm getting a "Port scan" all the time. Should I be worried? Mega Man X General 13 07-16-2004 09:50 PM
This is a "secure' machine... pe2338 Linux - Networking 6 03-14-2004 01:56 PM
How do I partition my disk leaving "untouched" the win? roque Linux - Newbie 1 02-05-2002 09:24 AM


All times are GMT -5. The time now is 10:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration