Commit | Line | Data |
---|---|---|
a2916c06 MW |
1 | ~1[<!-- -*-html-*- |
2 | -- | |
3 | -- Information about cookies | |
4 | -- | |
5 | -- (c) 2013 Mark Wooding | |
6 | --> | |
7 | ||
8 | <!------- Licensing notice -------------------------------------------------- | |
9 | -- | |
10 | -- This file is part of Chopwood: a password-changing service. | |
11 | -- | |
12 | -- Chopwood is free software; you can redistribute it and/or modify | |
13 | -- it under the terms of the GNU Affero General Public License as | |
14 | -- published by the Free Software Foundation; either version 3 of the | |
15 | -- License, or (at your option) any later version. | |
16 | -- | |
17 | -- Chopwood is distributed in the hope that it will be useful, | |
18 | -- but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | -- GNU Affero General Public License for more details. | |
21 | -- | |
22 | -- You should have received a copy of the GNU Affero General Public | |
23 | -- License along with Chopwood; if not, see | |
24 | -- <http://www.gnu.org/licenses/>. | |
25 | -->~]~ | |
26 | ||
27 | <h1>Why and how Chopwood uses cookies</h1> | |
28 | ||
29 | <h2>Which cookies does Chopwood actually store?</h2> | |
30 | ||
31 | <p>Chopwood uses only one cookie, named <b>chpwd-token</b>. The cookie is | |
32 | stored with a maximum lifetime of 25 minutes: after this time, your browser | |
33 | should forget all about it (and the server will stop caring about what it | |
34 | means). | |
35 | ||
36 | <h2>What do you need this cookie for?</h2> | |
37 | ||
e8410ae0 MW |
38 | <p>The cookie contains a token which tells the server that you’ve |
39 | logged in properly. We could have chosen to use a hidden form field to | |
40 | carry this token about, but that causes other trouble. | |
a2916c06 MW |
41 | |
42 | <p>For example, if we used <b>GET</b> requests then the token would appear as | |
43 | part of a URL, where it would end up being written in the location bar of | |
44 | many browsers, stored in history databases, maybe even sent to random cloud | |
45 | services; this obviously has an adverse effect on security. Also, the token | |
46 | is kind of long and ugly. | |
47 | ||
48 | <p>We could avoid this problem by using <b>POST</b> requests everywhere, but | |
e8410ae0 | 49 | that causes other trouble. In particular, you’d get that annoying |
a2916c06 MW |
50 | <blockquote> |
51 | The page that you’re looking for used information that you | |
52 | entered. Returning to that page might cause any action that you took to be | |
53 | repeated. | |
54 | </blockquote> | |
55 | message whenever you hit the reload button. | |
56 | ||
e8410ae0 | 57 | <h2>What’s in this cookie?</h2> |
a2916c06 MW |
58 | |
59 | <p>If you actually look at the cookie, you find that it looks something like | |
60 | this: | |
61 | <blockquote> | |
62 | <tt>1357322139.HFsD16dOh1jjdhXdO%24gkjQ.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt> | |
63 | </blockquote> | |
64 | (Did I say something about long and ugly?) It consists of four pieces | |
65 | separated by dots ‘<tt>.</tt>’. | |
66 | ||
67 | <dl> | |
68 | <dt>Datestamp | |
69 | <dd>The time at which the cookie was issued, as a simple count of (non-leap) | |
70 | seconds since 1974–01–01 00:00:00 UTC (or what would have been | |
71 | that if UTC had existed back then in its current form). | |
72 | ||
73 | <dt>Nonce | |
74 | <dd>This is just a random string. When you change a password, the server | |
75 | checks that the request includes a copy of this nonce, as a protection | |
76 | against | |
138df99f | 77 | <a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery"><em>cross-site |
a2916c06 MW |
78 | request forgery</em></a> attacks. |
79 | ||
80 | <dt>Tag | |
e8410ae0 MW |
81 | <dd>This is a cryptographic check that the other parts of the token |
82 | haven’t been modified by an attacker. | |
a2916c06 MW |
83 | |
84 | <dt>User name | |
85 | <dd>Your user name, in plain text. | |
86 | </dl> | |
87 | ||
e8410ae0 MW |
88 | <h2>How do I know you’re not using this as part of some hideous |
89 | behavioural advertising scheme?</h2> | |
a2916c06 | 90 | |
e8410ae0 | 91 | <p>That’s tricky. I could tell you that this program is |
138df99f | 92 | <a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and |
8c4d90a3 MW |
93 | that you can |
94 | <a href="~={script}H/~={package}H-~={version}H.tar.gz">download its | |
95 | source code</a> and check for yourself. | |
a2916c06 | 96 | |
e8410ae0 MW |
97 | <p>That’s true, except that it shouldn’t do much to convince |
98 | you that this server is actually running the code it claims to be. And | |
99 | anyway, Chopwood itself represents only one of many bits of software | |
100 | which could be keeping track of you somehow through this cookie. | |
a2916c06 MW |
101 | |
102 | <p>So, really, it comes down to trust. Sorry. | |
103 | ||
104 | ~1[<!------- That's all, folks ------------------------------------------>~]~ |
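
The four-part token described under "What's in this cookie?" (datestamp, nonce, tag, user name, 25-minute lifetime) can be issued and checked as in this added Python example, which is not Chopwood's own code. The HMAC-SHA256 tag, the base64 encoding, the key handling, the function names and the use of the server clock in seconds as the datestamp are all assumptions.

```python
import base64, hashlib, hmac, os, time

LIFETIME = 25 * 60        # the page gives a maximum lifetime of 25 minutes
KEY = os.urandom(32)      # assumption: a secret MAC key held only by the server

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _tag(key, stamp, nonce, user):
    # Assumption: the tag is HMAC-SHA256 over the other three fields.
    # stamp and nonce never contain '.', so this encoding is unambiguous.
    msg = "%s.%s.%s" % (stamp, nonce, user)
    return _b64(hmac.new(key, msg.encode(), hashlib.sha256).digest())

def issue(user, key=KEY, now=None):
    """Build 'datestamp.nonce.tag.user' for a user who has just logged in."""
    stamp = str(int(time.time() if now is None else now))
    nonce = _b64(os.urandom(16))
    return ".".join([stamp, nonce, _tag(key, stamp, nonce, user), user])

def check(token, key=KEY, now=None, form_nonce=None):
    """Return the user name, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    # The user name comes last and may contain dots: split at most 3 times.
    parts = token.split(".", 3)
    if len(parts) != 4:
        raise ValueError("malformed token")
    stamp, nonce, tag, user = parts
    # Verify the tag first, in constant time, before trusting any field.
    expected = _tag(key, stamp, nonce, user)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("bad tag")
    if not 0 <= now - int(stamp) <= LIFETIME:
        raise ValueError("expired")
    # A password change must echo the nonce in the request body; a forged
    # cross-site request carries the cookie but cannot read the nonce.
    if form_nonce is not None and not hmac.compare_digest(
            form_nonce.encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    return user
```

The user name travels in plain text, as the page says, so the tag is what stops a client from editing it; the nonce check only matters on requests that change state.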