Well, the security concern you mention is not accurate. Everyone, from everywhere, can make requests to your service if you have no network configuration to prevent it. CORS is an automatic block only for browsers. I think a DDoS from a browser is not a concern, but the cookie one is. Stealing cookies is not hard to do if the server has a misconfiguration, aka Apache/nginx.
Anyway! It's a good post; talking about the usually unknown Mr. CORS is good. Thank you for sharing knowledge 😊
Hi. Thank you for your comment. Can you share more about "Stealing cookies is not hard to do if the server has a misconfiguration, aka Apache/Nginx"?
Currently I am setting cookies in a response from PHP using the setcookie method. It would be helpful if you could share more about the Apache/Nginx involvement here. Thanks :)
Hi Zubair, there are tools that automatically steal session cookies. Search for them; usually those tools are included in Kali Linux, or they can be installed manually on Linux/Unix.
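Neither comment above says what the "misconfiguration" actually is, so here is the check a reviewer would run on the cookie the server emits. This is an added example and not code from the post or from either commenter: a small Node.js audit of a Set-Cookie header for the attributes that make a session cookie hard to steal or replay (Secure, HttpOnly, SameSite, no over-broad Domain, and the __Host- prefix rules). The two sample headers are constructed for the example; WEAK is roughly what a bare PHP setcookie('PHPSESSID', 'abc123') sends, and HARDENED is what the options-array form with secure/httponly/samesite set produces. The function names parseSetCookie and auditSetCookie are my own.

```javascript
// Added example (not from the original thread): audit one Set-Cookie header
// as emitted by PHP behind Apache/nginx. Sample headers are constructed.

// Parse a single Set-Cookie header value into { name, value, attrs }.
// Attribute keys are lower-cased; flag attributes (Secure, HttpOnly) map to true.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [rawName, ...rawValue] = parts[0].split("=");
  const attrs = {};
  for (const p of parts.slice(1)) {
    const eq = p.indexOf("=");
    const key = (eq === -1 ? p : p.slice(0, eq)).trim().toLowerCase();
    attrs[key] = eq === -1 ? true : p.slice(eq + 1).trim();
  }
  return { name: rawName.trim(), value: rawValue.join("="), attrs };
}

// Return the list of weaknesses in a Set-Cookie header; an empty list means
// the cookie carries every attribute a session cookie should have.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const problems = [];
  if (!attrs.secure) {
    problems.push("missing Secure: cookie is sent over plain HTTP and can be sniffed");
  }
  if (!attrs.httponly) {
    problems.push("missing HttpOnly: readable via document.cookie after an XSS");
  }
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  if (!sameSite) {
    problems.push("missing SameSite: attached to cross-site requests (CSRF)");
  } else if (sameSite === "none" && !attrs.secure) {
    problems.push("SameSite=None requires Secure");
  }
  if (attrs.domain) {
    problems.push(`Domain=${attrs.domain}: cookie is shared with every subdomain`);
  }
  // __Host- cookies must be Secure, have Path=/ and carry no Domain attribute.
  if (name.startsWith("__Host-") && (attrs.domain || attrs.path !== "/" || !attrs.secure)) {
    problems.push("__Host- prefix rules violated (needs Secure, Path=/, no Domain)");
  }
  return problems;
}

// Constructed samples: what a bare setcookie('PHPSESSID', 'abc123') roughly emits,
// and the hardened form from setcookie('PHPSESSID', 'abc123',
//   ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']).
const WEAK = "PHPSESSID=abc123";
const HARDENED = "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax";

for (const h of [WEAK, HARDENED]) {
  console.log(h, "=>", auditSetCookie(h).length ? auditSetCookie(h) : "OK");
}
```

The point about Apache/nginx "involvement" is that the web server can add or strip these flags after PHP has set the cookie: Apache's mod_headers can append them with a directive such as `Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"`, and nginx can do the same for proxied upstreams with `proxy_cookie_flags`. A proxy that rewrites Set-Cookie, or a vhost that serves the same session over plain HTTP, is the kind of misconfiguration that makes the cookie easy to capture regardless of CORS, since CORS never stops a non-browser client from sending or replaying it.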