| 1 | ~1[<!-- -*-html-*- |
| 2 | -- |
| 3 | -- Information about cookies |
| 4 | -- |
| 5 | -- (c) 2013 Mark Wooding |
| 6 | --> |
| 7 | |
| 8 | <!------- Licensing notice -------------------------------------------------- |
| 9 | -- |
| 10 | -- This file is part of Chopwood: a password-changing service. |
| 11 | -- |
| 12 | -- Chopwood is free software; you can redistribute it and/or modify |
| 13 | -- it under the terms of the GNU Affero General Public License as |
| 14 | -- published by the Free Software Foundation; either version 3 of the |
| 15 | -- License, or (at your option) any later version. |
| 16 | -- |
| 17 | -- Chopwood is distributed in the hope that it will be useful, |
| 18 | -- but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 20 | -- GNU Affero General Public License for more details. |
| 21 | -- |
| 22 | -- You should have received a copy of the GNU Affero General Public |
| 23 | -- License along with Chopwood; if not, see |
| 24 | -- <http://www.gnu.org/licenses/>. |
| 25 | -->~]~ |
| 26 | |
| 27 | <h1>Why and how Chopwood uses cookies</h1> |
| 28 | |
| 29 | <h2>Which cookies does Chopwood actually store?</h2> |
| 30 | |
| 31 | <p>Chopwood uses only one cookie, named <b>chpwd-token</b>. The cookie is |
| 32 | stored with a maximum lifetime of 25 minutes: after this time, your browser |
| 33 | should forget all about it (and the server will stop caring about what it |
| 34 | means). |
| 35 | |
| 36 | <h2>What do you need this cookie for?</h2> |
| 37 | |
| 38 | <p>The cookie contains a token which tells the server that you’ve |
| 39 | logged in properly. We could have chosen to use a hidden form field to |
| 40 | carry this token about, but that causes other trouble. |
| 41 | |
| 42 | <p>For example, if we used <b>GET</b> requests then the token would appear as |
| 43 | part of a URL, where it would end up being written in the location bar of |
| 44 | many browsers, stored in history databases, many even sent to random cloud |
| 45 | services; this obviously has an adverse effect on security. Also, the token |
| 46 | is kind of long and ugly. |
| 47 | |
| 48 | <p>We could avoid this problem by using <b>POST</b> requests everywhere, but |
| 49 | that causes other trouble. In particular, you’d get that annoying |
| 50 | <blockquote> |
| 51 | The page that you’re looking for used information that you |
| 52 | entered. Returning to that page might cause any action that you took |
| 53 | to be repeated. |
| 54 | </blockquote> |
| 55 | message whenever you hit the reload button. |
| 56 | |
| 57 | <h2>What’s in this cookie?</h2> |
| 58 | |
| 59 | <p>If you actually look at the cookie, you find that it looks something like |
| 60 | this: |
| 61 | <blockquote> |
| 62 | <tt>1357322139.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt> |
| 63 | </blockquote> |
| 64 | (Did I say something about long and ugly?) It consists of three pieces |
| 65 | separated by dots ‘<tt>.</tt>’. |
| 66 | |
| 67 | <dl> |
| 68 | <dt>Datestamp |
| 69 | <dd>The time at which the cookie was issued, as a simple count of (non-leap) |
| 70 | seconds since 1970–01–01 00:00:00 UTC (or what would have been |
| 71 | that if UTC had existed back then in its current form). |
| 72 | |
| 73 | <dt>Tag |
| 74 | <dd>This is a cryptographic check that the other parts of the token |
| 75 | haven’t been modfied by an attacker. |
| 76 | |
| 77 | <dt>User name |
| 78 | <dd>Your user name, in plain text. |
| 79 | </dl> |
| 80 | |
| 81 | <h2>How do I know you’re not using this as part of some hideous |
| 82 | behavioural advertising scheme?</h2> |
| 83 | |
| 84 | <p>That’s tricky. I could tell you that this program is |
| 85 | <a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and |
| 86 | that you can |
| 87 | <a href="~={script}H/~={package}H-~={version}H.tar.gz">download its |
| 88 | source code</a> and check for yourself. |
| 89 | |
| 90 | <p>That’s true, except that it shouldn’t do much to convince |
| 91 | you that this server is actually running the code it claims to be. And |
| 92 | anyway, Chopwood itself represents only one of many bits of software |
| 93 | which could be keeping track of you somehow through this cookie. |
| 94 | |
| 95 | <p>So, really, it comes down to trust. Sorry. |
| 96 | |
| 97 | ~1[<!------- That's all, folks ------------------------------------------>~]~ |