[Authentication] cookie-handling in password storage?

Josef Kufner jk at myserver.cz
Thu Aug 27 12:36:22 PDT 2009


Stef Walter wrote on Wed 19. 08. 2009 at 04:28 +0000:
> Mark Peter Wege wrote:
> > My suggestion is to add cookie handling to the jobs for the password storage. 
> > I know that cookies are not passwords, but they affect security and privacy in 
> > a similar way as passwords and it would be really good to have a common 
> > solution for that too.
> > - Cookies are often used for authentication; in that sense it would be really 
> > useful to lock them away in a secure framework too.
> 
> Yes, for sure. The spec as it is, can certainly be used for cookie
> handling. I agree that cookies are definitely security tokens in many
> cases.
> 
> Because of the fact that they're security tokens, it makes an incredible
> amount of sense to have them shared between browsers, so that you can
> log in somewhere, and some library or another browser can use that
> logged in status.
> 
> One of the things I'm going to bring up on the list shortly is about
> collections with their lifetime limited, and never stored to disk. This
> makes sense in the case of a cookie storage as well.
> 
> I imagine in conjunction with browsers we'd want to decide on sort of a
> 'schema' for storage of browser secrets. This has been brought once or
> twice on the list. I'm not the one to do it, since I don't have that
> much experience in that arena.

I agree. We definitely should count with cookies. It is a really good
idea.

Josef Kufner.