httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.
[chopwood] / cookies.fhtml
~1[<!-- -*-html-*-
 --
 -- Information about cookies
 --
 -- (c) 2013 Mark Wooding
 -->

<!------- Licensing notice --------------------------------------------------
 --
 -- This file is part of Chopwood: a password-changing service.
 --
 -- Chopwood is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU Affero General Public License as
 -- published by the Free Software Foundation; either version 3 of the
 -- License, or (at your option) any later version.
 --
 -- Chopwood is distributed in the hope that it will be useful,
 -- but WITHOUT ANY WARRANTY; without even the implied warranty of
 -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 -- GNU Affero General Public License for more details.
 --
 -- You should have received a copy of the GNU Affero General Public
 -- License along with Chopwood; if not, see
 -- <http://www.gnu.org/licenses/>.
 -->~]~

<h1>Why and how Chopwood uses cookies</h1>

<h2>Which cookies does Chopwood actually store?</h2>

<p>Chopwood uses only one cookie, named <b>chpwd-token</b>. The cookie is
stored with a maximum lifetime of 25 minutes: after this time, your browser
should forget all about it (and the server will stop caring about what it
means).

<h2>What do you need this cookie for?</h2>

<p>The cookie contains a token which tells the server that you&rsquo;ve
logged in properly. We could have chosen to use a hidden form field to
carry this token about, but that causes other trouble.

<p>For example, if we used <b>GET</b> requests then the token would appear as
part of a URL, where it would end up being written in the location bar of
many browsers, stored in history databases, maybe even sent to random cloud
services; this obviously has an adverse effect on security. Also, the token
is kind of long and ugly.

<p>We could avoid this problem by using <b>POST</b> requests everywhere, but
that causes other trouble. In particular, you&rsquo;d get that annoying
<blockquote>
 The page that you&rsquo;re looking for used information that you
 entered. Returning to that page might cause any action that you took
 to be repeated.
</blockquote>
message whenever you hit the reload button.

<h2>What&rsquo;s in this cookie?</h2>

<p>If you actually look at the cookie, you find that it looks something like
this:
<blockquote>
 <tt>1357322139.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
</blockquote>
(Did I say something about long and ugly?) It consists of three pieces
separated by dots &lsquo;<tt>.</tt>&rsquo;.

<dl>
<dt>Datestamp
<dd>The time at which the cookie was issued, as a simple count of (non-leap)
seconds since 1970&ndash;01&ndash;01 00:00:00 UTC (or what would have been
that if UTC had existed back then in its current form).

<dt>Tag
<dd>This is a cryptographic check that the other parts of the token
haven&rsquo;t been modified by an attacker.

<dt>User name
<dd>Your user name, in plain text.
</dl>

<h2>How do I know you&rsquo;re not using this as part of some hideous
behavioural advertising scheme?</h2>

<p>That&rsquo;s tricky. I could tell you that this program is
<a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and
that you can
<a href="~={script}H/~={package}H-~={version}H.tar.gz">download its
source code</a> and check for yourself.

<p>That&rsquo;s true, except that it shouldn&rsquo;t do much to convince
you that this server is actually running the code it claims to be. And
anyway, Chopwood itself represents only one of many bits of software
which could be keeping track of you somehow through this cookie.

<p>So, really, it comes down to trust. Sorry.

~1[<!------- That's all, folks ------------------------------------------>~]~
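
The three-part token layout described under "What's in this cookie?" (datestamp, tag, user name) and the 25-minute lifetime, as an added Python example that is not Chopwood's own code. Assumptions: the page does not name the tag algorithm or encoding, so HMAC-SHA256 over "datestamp.user" with unpadded URL-safe Base64 stands in for it; `mint_token`, `check_token` and the helpers are hypothetical names.

```python
import base64
import binascii
import hashlib
import hmac
import time

LIFETIME = 25 * 60  # seconds: the maximum cookie lifetime stated on the page


def _b64(raw):
    # Unpadded URL-safe Base64 (assumed encoding for the tag field).
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _tag(key, stamp, user):
    # Assumption: HMAC-SHA256 over "datestamp.user"; the page names no MAC.
    msg = ("%d.%s" % (stamp, user)).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint_token(key, user, now=None):
    stamp = int(time.time() if now is None else now)
    return "%d.%s.%s" % (stamp, _b64(_tag(key, stamp, user)), user)


def check_token(key, token, now=None):
    """Return the user name if the token is authentic and fresh, else None."""
    now = time.time() if now is None else now
    parts = token.split(".", 2)  # user name comes last, so it may contain dots
    if len(parts) != 3:
        return None
    stamp_s, tag_s, user = parts
    if not (stamp_s.isascii() and stamp_s.isdigit() and len(stamp_s) <= 12):
        return None
    stamp = int(stamp_s)
    try:
        tag = base64.urlsafe_b64decode(tag_s + "=" * (-len(tag_s) % 4))
    except (binascii.Error, ValueError):
        return None  # malformed Base64 means a rejected token, not a crash
    # Constant-time comparison: a mismatch must not leak how many bytes agreed.
    if not hmac.compare_digest(tag, _tag(key, stamp, user)):
        return None
    # Expiry is enforced server-side; the browser's own timeout is advisory.
    if not 0 <= now - stamp <= LIFETIME:
        return None
    return user
```

The tag is verified before the datestamp is trusted, so an expired or forged datestamp never influences anything except the rejection itself.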