I'm currently working on a personal full-stack application using cookies with the express-session middleware. They're secured with some sort of secret. I'm not really too sure how that works, but I think it jumbles/hashes up the cookie (let me know if I'm incorrect). So if I store some data in my cookie, like for instance the auto-incrementing primary ID column in my database, is it possible for someone to "crack" the cookie and change their information from, say:
{ // user 1's id
  userId: 1
}
to
{ // user 2's id
  userId: 2
}
and gain user2's private information?
So in the case this is possible and I were (I'm not, but hypothetically) making a social media platform with a large userbase, should I use something like UUIDs so it's basically impossible to spoof, or not use cookies at all and opt for something "more secure"?
Thanks
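How the secret protects the cookie, as an added example that is not part of the original post: express-session keeps the session data (such as userId) on the server and puts only a random session ID in the cookie, signed with HMAC-SHA256 via the cookie-signature package. The sketch below reimplements that signing scheme; the secret, the in-memory Map standing in for the session store, and the function names are assumptions made for illustration.

```javascript
// Added example: mirrors the "s:<sid>.<HMAC>" cookie format that express-session
// produces through the cookie-signature package. Names below are illustrative.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed; use a long random secret in practice
const sessionStore = new Map();           // server side: this is where userId actually lives

// value + "." + base64(HMAC-SHA256(value, secret)) with "=" padding stripped
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
  return `${value}.${mac}`;
}

// Returns the original value when the signature verifies, otherwise false.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx === -1) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  return expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual) ? value : false;
}

function createSession(userId) {
  const sid = crypto.randomBytes(24).toString('hex'); // unguessable session ID
  sessionStore.set(sid, { userId });
  return 's:' + sign(sid, SECRET);                    // cookie value sent to the browser
}

function loadSession(cookieValue) {
  if (!cookieValue.startsWith('s:')) return null;
  const sid = unsign(cookieValue.slice(2), SECRET);
  return sid === false ? null : sessionStore.get(sid) || null;
}

// Constructed scenario: a cookie whose session ID part was edited no longer
// matches its signature, so the server refuses to load any session for it.
function demo() {
  const cookie1 = createSession(1);
  const cookie2 = createSession(2);
  const sid2 = cookie2.slice(2, cookie2.lastIndexOf('.'));
  const mac1 = cookie1.slice(cookie1.lastIndexOf('.'));
  return {
    valid: loadSession(cookie1),
    tampered: loadSession('s:' + sid2 + mac1),
    cookieHoldsUserId: cookie1.includes('userId'),
  };
}
```

The signature only proves the cookie was issued by the server; it does not hide the value, so the protection rests on the secret staying private and the session ID being random.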