Web Application Security: AJAX Storage: A Look at Flash Cookies and IE Persistence  
Author: Max : 2006/12/11
AJAX (Asynchronous JavaScript and XML) applications are constantly looking for ways to increase their performance. One obvious way to do this is to store more data locally, since data can be loaded from a local file much more quickly than it can be retrieved from a remote website. Imagine an AJAX application pushing down database tables to your browser once and then allowing you to query that data over and over again without going back to the server.

This would also work well for applications that let users access some functions and data offline, queuing up and saving data until the user can reconnect to the server.

In the past, the data storage solution has been to store data in a cookie, but cookies are limited in size to 4 KB per domain. Thus, cookies have generally been used to save small bits of information such as a session ID or perhaps a user’s login name for their next visit. Common HTTP cookies are sent from the website to the web browser and back, and can be viewed with a local HTTP proxy. There are well-known attack vectors in cookie data, from information leakage to session hijacking to command injection, and more.

Recently, programmers have discovered two technologies that give AJAX applications more storage than the previous 4 KB limit: Adobe® Macromedia Flash and Internet Explorer’s persistence of user data. Using Adobe® Macromedia Flash, an application can save up to 100 KB without user interaction and an unlimited amount with the user’s agreement.

The Dojo AJAX framework already includes features for using this storage container. It is estimated that 95 percent of web browsers have Flash 6.0 or later installed, which is necessary for this feature to work properly.

Another storage technology is Microsoft® Internet Explorer’s persistence of user data. Applications using this feature can store up to 64 KB per page as an XML file outside of the standard web browser cache.
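Because this data lives outside the browser's cookie store, it helps to inventory it directly. The following Python sketch is an added example, not code from the whitepaper: it sums Flash local shared object (`.sol`) files per domain and flags domains holding more than the 100 KB figure quoted above. It assumes the usual `#SharedObjects/<random directory>/<domain>/` layout; the sample tree and its domain names are constructed, and IE user data stores are not covered.

```python
import os
import tempfile

SILENT_LIMIT = 100 * 1024  # 100 KB storable without user interaction (article's figure)

def inventory_flash_storage(root):
    """Sum .sol (Flash local shared object) bytes per domain under `root`.

    Assumed layout: <root>/<random profile dir>/<domain>/.../*.sol
    """
    totals = {}
    for profile in sorted(os.listdir(root)):
        profile_dir = os.path.join(root, profile)
        if not os.path.isdir(profile_dir):
            continue
        for domain in sorted(os.listdir(profile_dir)):
            domain_dir = os.path.join(profile_dir, domain)
            if not os.path.isdir(domain_dir):
                continue
            entry = totals.setdefault(domain, {"files": 0, "bytes": 0})
            for dirpath, _dirs, names in os.walk(domain_dir):
                for name in names:
                    if name.lower().endswith(".sol"):
                        entry["files"] += 1
                        entry["bytes"] += os.path.getsize(os.path.join(dirpath, name))
    for entry in totals.values():
        # More than the silent limit implies a larger quota was granted for this domain.
        entry["over_silent_limit"] = entry["bytes"] > SILENT_LIMIT
    return totals

def build_sample_tree():
    """Constructed sample data: two made-up domains in a temp directory."""
    root = tempfile.mkdtemp(prefix="lso-sample-")
    samples = {
        ("AB12CD34", "app.example.test", "cache/tables.sol"): 150 * 1024,
        ("AB12CD34", "app.example.test", "prefs.sol"): 2 * 1024,
        ("AB12CD34", "ads.example.test", "id.sol"): 64,
        ("AB12CD34", "ads.example.test", "readme.txt"): 10,  # not an LSO, ignored
    }
    for (profile, domain, rel), size in samples.items():
        path = os.path.join(root, profile, domain, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return root

if __name__ == "__main__":
    for domain, info in inventory_flash_storage(build_sample_tree()).items():
        print(domain, info)
```

To audit a real profile, pass the path of the Flash Player `#SharedObjects` directory to `inventory_flash_storage` instead of the sample tree.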

In this paper, we will explore the use of both of these solutions and explain some of the security implications associated with each solution.

You can download the whole whitepaper here.
