Commit | Line | Data |
---|---|---|
a2916c06 MW |
1 | ~1[<!-- -*-html-*- |
2 | -- | |
3 | -- Information about cookies | |
4 | -- | |
5 | -- (c) 2013 Mark Wooding | |
6 | --> | |
7 | ||
8 | <!------- Licensing notice -------------------------------------------------- | |
9 | -- | |
10 | -- This file is part of Chopwood: a password-changing service. | |
11 | -- | |
12 | -- Chopwood is free software; you can redistribute it and/or modify | |
13 | -- it under the terms of the GNU Affero General Public License as | |
14 | -- published by the Free Software Foundation; either version 3 of the | |
15 | -- License, or (at your option) any later version. | |
16 | -- | |
17 | -- Chopwood is distributed in the hope that it will be useful, | |
18 | -- but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | -- GNU Affero General Public License for more details. | |
21 | -- | |
22 | -- You should have received a copy of the GNU Affero General Public | |
23 | -- License along with Chopwood; if not, see | |
24 | -- <http://www.gnu.org/licenses/>. | |
25 | -->~]~ | |
26 | ||
27 | <h1>Why and how Chopwood uses cookies</h1> | |
28 | ||
29 | <h2>Which cookies does Chopwood actually store?</h2> | |
30 | ||
31 | <p>Chopwood uses only one cookie, named <b>chpwd-token</b>. The cookie is | |
32 | stored with a maximum lifetime of 25 minutes: after this time, your browser | |
33 | should forget all about it (and the server will stop caring about what it | |
34 | means). | |
35 | ||
36 | <h2>What do you need this cookie for?</h2> | |
37 | ||
38 | <p>The cookie contains a token which tells the server that you've logged in | |
39 | properly. We could have chosen to use a hidden form field to carry this | |
40 | token about, but that causes other trouble. | |
41 | ||
42 | <p>For example, if we used <b>GET</b> requests then the token would appear as | |
43 | part of a URL, where it would end up being written in the location bar of | |
44 | many browsers, stored in history databases, maybe even sent to random cloud | |
45 | services; this obviously has an adverse effect on security. Also, the token | |
46 | is kind of long and ugly. | |
47 | ||
48 | <p>We could avoid this problem by using <b>POST</b> requests everywhere, but | |
49 | that causes other trouble. In particular, you'd get that annoying | |
50 | <blockquote> | |
51 | The page that you’re looking for used information that you | |
52 | entered. Returning to that page might cause any action that you took to be | |
53 | repeated. | |
54 | </blockquote> | |
55 | message whenever you hit the reload button. | |
56 | ||
57 | <h2>What's in this cookie?</h2> | |
58 | ||
59 | <p>If you actually look at the cookie, you find that it looks something like | |
60 | this: | |
61 | <blockquote> | |
62 | <tt>1357322139.HFsD16dOh1jjdhXdO%24gkjQ.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt> | |
63 | </blockquote> | |
64 | (Did I say something about long and ugly?) It consists of four pieces | |
65 | separated by dots ‘<tt>.</tt>’. | |
66 | ||
67 | <dl> | |
68 | <dt>Datestamp | |
69 | <dd>The time at which the cookie was issued, as a simple count of (non-leap) | |
70 | seconds since 1974–01–01 00:00:00 UTC (or what would have been | |
71 | that if UTC had existed back then in its current form). | |
72 | ||
73 | <dt>Nonce | |
74 | <dd>This is just a random string. When you change a password, the server | |
75 | checks that the request includes a copy of this nonce, as a protection | |
76 | against | |
77 | <a href='http://en.wikipedia.org/wiki/Cross-site_request_forgery'><em>cross-site | |
78 | request forgery</em></a> attacks. | |
79 | ||
80 | <dt>Tag | |
81 | <dd>This is a cryptographic check that the other parts of the token haven't | |
82 | been modified by an attacker. | |
83 | ||
84 | <dt>User name | |
85 | <dd>Your user name, in plain text. | |
86 | </dl> | |
87 | ||
88 | <h2>How do I know you're not using this as part of some hideous behavioural | |
89 | advertising scheme?</h2> | |
90 | ||
91 | <p>That's tricky. I could tell you that this program is | |
92 | <a href='http://www.gnu.org/philosophy/free-sw.html'>free software</a>, and | |
93 | that you can <a href='chpwd'>download its source code</a> and check for | |
94 | yourself. | |
95 | ||
96 | <p>That's true, except that it shouldn't do much to convince you that this | |
97 | server is actually running the code it claims to be. And anyway, Chopwood | |
98 | itself represents only one of many bits of software which could be keeping | |
99 | track of you somehow through this cookie. | |
100 | ||
101 | <p>So, really, it comes down to trust. Sorry. | |
102 | ||
103 | ~1[<!------- That's all, folks ------------------------------------------>~]~ |
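
The four-field token layout and the 25-minute lifetime described in the page above, as an added example that is not Chopwood's own code. The tag construction (HMAC-SHA256 over the other three fields, base64url without padding), the function names `issue` and `check`, and the demo key are assumptions; the page does not say how the real tag is computed.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

LIFETIME = 25 * 60  # maximum cookie lifetime stated on the page, in seconds

def _tag(key, stamp, nonce, user):
    # ASSUMPTION: HMAC-SHA256 over datestamp, nonce and user name; the page
    # only says the tag is a cryptographic check on the other parts.
    msg = f"{stamp}.{nonce}.{user}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def issue(key, user, now, nonce):
    """Build a cookie value in the four-field layout (hypothetical helper)."""
    token = f"{now}.{nonce}.{_tag(key, now, nonce, user)}.{user}"
    return quote(token, safe=".")  # '$' becomes %24, as in the page's sample

def check(key, cookie, now, form_nonce=None):
    """Return the user name if the token is acceptable, otherwise None.

    Pass form_nonce for state-changing requests (a password change); leave
    it as None only for requests that change nothing.
    """
    # The user name is the last field, so split at most three times: a dot
    # inside the user name then stays part of the user name.
    parts = unquote(cookie).split(".", 3)
    if len(parts) != 4:
        return None
    stamp, nonce, tag, user = parts
    if not (stamp.isascii() and stamp.isdigit()):
        return None
    # Verify the tag first, in constant time, before trusting any field.
    if not hmac.compare_digest(tag.encode(), _tag(key, stamp, nonce, user).encode()):
        return None
    # Reject tokens from the future as well as expired ones.
    if not 0 <= now - int(stamp) <= LIFETIME:
        return None
    # CSRF check: the request must carry its own copy of the nonce.
    if form_nonce is not None and not hmac.compare_digest(
            form_nonce.encode(), nonce.encode()):
        return None
    return user
```

`now` is supplied by the caller in the same seconds count as the datestamp, so the freshness check does not depend on which epoch the server uses.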