I know the feeling. I am always hesitant to ask in case I am wrong, but I figured what the hell.
If I am wrong & the author has references to back up his claims I look silly for a bit and it adds more context for future readers like you and me. I also learn about a new attack vector as an added bonus.
If I am right, hopefully it leads to the author updating the post a bit to fix the mistake and we all live happily ever after (or until the next Heartbleed).
What you say is true, the attacker will not have access to the cookies themselves. However there are trickier vector attacks he can perform, see for example
I know the feeling. I am always hesitant to ask in case I am wrong, but I figured what the hell.
If I am wrong & the author has references to back up his claims I look silly for a bit and it adds more context for future readers like you and me. I also learn about a new attack vector as an added bonus.
If I am right, hopefully it leads to the author updating the post a bit to fix the mistake and we all live happily ever after (or until the next Heartbleed).
What you say is true, the attacker will not have access to the cookies themselves. However there are trickier vector attacks he can perform, see for example
stackoverflow.com/questions/266969...