top of page
Writer's pictureprashant singh

Query Parameter SSL


URL contain a sensitive query parameter and stored in the browser history. Web application may be configured log the URL of all request. So, result is sensitive parameter is saved in the log.

Fix:

The solution to this problem requires two steps:


· If necessary then pass sensitive data. Once a user is authenticated with a session ID limited lifetime.

· Use non-persistent, session level cookies to hold session IDs and other private data.


The advantage of using session level cookies to carry this information:


· They are not stored in the browsers history or on the disk

· They are usually not stored in server logs

· They are not passed to embedded resources such as images or javascript libraries

. They only apply to the domain and path for which they were issued

26 views0 comments

Recent Posts

See All

Comentários


bottom of page