How does Cookie Secure.NET work?
Cookie Secure.NET secures cookies by encrypting data and preventing user tampering. It works with and supplements the native / built-in .Net HttpCookie object.
How is this different from the built-in HttpCookie object in ASP.Net?
The built-in HttpCookie object in ASP.Net simply reads and writes data to and from cookies. The data can be easily read on a client computer and can also be changed by users.
There are three main problems with storing data in cookies.
- The cookie of the computer that hosts the client web browser can be opened and read by the user. This could be a problem if there is sensitive information and the user reading the contents of the cookie shouldn't really have access to the information.
- When using an unsecured (i.e. non HTTPS) connection, data contained in cookies can be intercepted by unscrupulous web proxies operating between the web server and client browser. Again, there could be a potential security issue with unknown users reading sensitive data contained in cookies.
- The recipient can maliciously alter the contents of the cookie for example, to try and hack a web site by “spoofing” a logon of another user.
Cookie Secure.NET fixes the security shortcomings of the built in ASP.Net HttpCookie object as follows.
- Encrypt cookie data - data cannot be easily understood by users inspecting cookie files on their computers.
- Detecting and responding to user tampering of cookies - if a user attempts to alter the contents of a cookie, an exception is raised from our component.