Gregory Maxwell wrote:
Actually, JS can read and cookies, and thereby use them as a
datastore. Based on prior threads about JS based challenge
response... it would actually be possible to do this.. but only with a
ton of JS hackery. (I.e. client side JS computes
cookie=H(uid+password) and stores it as a cookie; server also stores
this; server would occasionally challenge the client to compute
H(cookie+counter) ... but without server authentication there is no
way to prevent an active MTM attacker from using the client as an
oracle).

I already thought of that. But if the datastore is a cookie, what do you
think the browser will do with that cookie? *Send it to the server*.
Which is precisely what we try to avoid. There's an MS extension to keep
JS from touching some cookies, but AFAIK there's not the opposite thing.
PS: A very interesting lib, Brion.
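
The challenge-response exchange described in the quoted message, as an added example that is not code from this thread: the stored value H(uid+password) is never sent after enrollment, only H(stored+counter) is, and each counter is accepted once. It assumes H is SHA-256 and all function and class names are hypothetical; it does not authenticate the server, so the relay (oracle) problem noted above remains.

```javascript
// Added illustration; assumptions: H = SHA-256, fields joined with ":".
const crypto = require('crypto');

const H = (...parts) =>
  crypto.createHash('sha256').update(parts.join(':')).digest('hex');

// Client side: derive the stored value once from uid and password.
function deriveSecret(uid, password) {
  return H(uid, password);
}

// Client side: answer a challenge without sending the stored value itself.
function respond(secret, counter) {
  return H(secret, String(counter));
}

// Server side: holds the same stored value and a monotonic counter per user.
class Verifier {
  constructor() {
    this.users = new Map(); // uid -> { secret, counter, pending }
  }
  enroll(uid, secret) {
    this.users.set(uid, { secret, counter: 0, pending: undefined });
  }
  // Every challenge gets a fresh counter value, never reused.
  challenge(uid) {
    const u = this.users.get(uid);
    if (!u) throw new Error('unknown user');
    u.counter += 1;
    u.pending = u.counter;
    return u.pending;
  }
  verify(uid, counter, response) {
    const u = this.users.get(uid);
    // Reject unknown users and stale, replayed or unsolicited counters.
    if (!u || u.pending === undefined || counter !== u.pending) return false;
    u.pending = undefined; // one attempt per challenge
    const expected = Buffer.from(respond(u.secret, counter), 'hex');
    const got = Buffer.from(String(response), 'hex');
    // Constant-time comparison; length check first, as timingSafeEqual requires.
    return got.length === expected.length &&
      crypto.timingSafeEqual(got, expected);
  }
}
```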