What are the security risks involved in allowing cookies to be stored on your computer?
Risks associated with storing cookies:
Cross Site Request Forgery Attack (XSRF)
A browser sends a cookie with a request, regardless of where the request came from. This is where the actual problem with cookies comes in. When a website receives a request, it cannot distinguish whether the action was initiated by the user or not. It looks for the cookie and, if the cookie is available, it performs the action as if the user had initiated it.
Session Fixation
Session fixation attacks operate at the application level. In this type of attack, an attacker induces the user to use the attacker’s or another’s session ID. This can be done by using the cookie’s browser directive path, hence the user pretends to be someone else. Using this method, an attacker can urge the user to log in as the attacker on various application levels.
Cross-Site Scripting
In order to carry out a cross-site scripting exploit, an attacker has to place the exploit in a cookie. Then the exploit vector will fetch the payload from the cookie and the exploitation is carried out. This type of attack will become difficult if the cookie has already been set; in this case, the attacker has to control the first cookie in the cookie string and only then can the attack be carried out.
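The cross-site request forgery point above can be seen from the server's side. The following is an added example, not part of the original answer: a cookie-only handler next to one that also checks the `Origin` header and a session-bound token. The origin, session ID, key and handler names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for the demonstration; not from the original page.
SERVER_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://bank.example"
SESSIONS = {"sess-123": "alice"}  # session cookie value -> user


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a third-party page cannot read or compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(request: dict) -> str:
    """Behaviour described in the text: a valid cookie alone authorises the action."""
    user = SESSIONS.get(request["cookies"].get("session"))
    return f"transfer executed for {user}" if user else "rejected: no session"


def handle_with_csrf_check(request: dict) -> str:
    """Same action, but the request must also prove it came from the site's own page."""
    session_id = request["cookies"].get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return "rejected: no session"
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return "rejected: foreign origin"
    supplied = request["form"].get("csrf_token", "")
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    if not hmac.compare_digest(supplied.encode(), csrf_token(session_id).encode()):
        return "rejected: bad CSRF token"
    return f"transfer executed for {user}"


# Constructed requests: the browser attaches the session cookie to both.
legit = {"cookies": {"session": "sess-123"},
         "headers": {"Origin": SITE_ORIGIN},
         "form": {"amount": "10", "csrf_token": csrf_token("sess-123")}}
cross_site = {"cookies": {"session": "sess-123"},
              "headers": {"Origin": "https://other.example"},
              "form": {"amount": "10"}}

if __name__ == "__main__":
    for name, req in (("legit", legit), ("cross_site", cross_site)):
        print(name, "|", handle_cookie_only(req), "|", handle_with_csrf_check(req))
```

Setting the `SameSite` attribute on the session cookie adds a browser-side layer on top of these server-side checks.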