Foundations of Python Network Programming 2nd edition part 6

isolate your projects from one another by giving each of them its own virtual environment, using the virtualenv command discussed in Chapter 1. Third, the fact that you are reading this book indicates that you may have already adopted one of my most important recommendations:

CHAPTER 9 HTTP

But you should know that these other mechanisms exist if you are writing web clients, proxies, or even if you simply browse the Web yourself and are interested in controlling your identity.

HTTP Session Hijacking

A perpetual problem with cookies is that web site designers do not seem to realize that cookies need to be protected as zealously as your username and password. While it is true that well-designed cookies expire and will no longer be accepted as valid by the server, cookies, while they last, give exactly as much access to a web site as a username and password. If someone can make requests to a site with your login cookie, the site will think it is you who has just logged in.

Some sites do not protect cookies at all: they might require HTTPS for your username and password, but then return you to normal HTTP for the rest of your session. And with every HTTP request, your session cookies are transmitted in the clear for anyone to intercept and start using.

Other sites are smart enough to protect subsequent page loads with HTTPS, even after you have left the login page, but they forget that static data from the same domain, like images, decorations, CSS files, and JavaScript source code, will also carry your cookie. The better alternatives are to either send all of that information over HTTPS, or to carefully serve it from a different domain or path that is outside the jurisdiction of the session cookie. And despite the fact this problem has existed for years, at the time of writing it is once again back in the news with the celebrated release of Firesheep.
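An added example, not taken from the book: Python's standard http.cookiejar applies browser-style scheme, host and path matching, so it can show which requests would carry a session cookie under three cookie configurations. The hostnames, the cookie value, and the helper names make_cookie and urls_receiving_cookie are assumptions made for this illustration.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

# Constructed sample URLs (hypothetical hosts); nothing is fetched.
URLS = [
    "https://www.example.com/account/login",
    "http://www.example.com/account/profile",
    "http://www.example.com/static/logo.png",
    "https://www.example.com/static/site.css",
    "http://static.example.net/logo.png",
]

def make_cookie(domain, path="/", secure=False):
    """Host-only session cookie as a client would store it (value is constructed)."""
    return Cookie(
        version=0, name="session", value="constructed-token",
        port=None, port_specified=False,
        domain=domain, domain_specified=False, domain_initial_dot=False,
        path=path, path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )

def urls_receiving_cookie(cookie, urls):
    """Return the URLs whose request would carry the cookie."""
    jar = CookieJar()
    jar.set_cookie(cookie)
    sent = []
    for url in urls:
        request = Request(url)          # built only, never sent
        jar.add_cookie_header(request)  # applies scheme/host/path checks
        if request.get_header("Cookie"):
            sent.append(url)
    return sent

if __name__ == "__main__":
    cases = {
        "path=/, not secure": make_cookie("www.example.com"),
        "path=/, secure": make_cookie("www.example.com", secure=True),
        "path=/account, secure": make_cookie("www.example.com", "/account", True),
    }
    for label, cookie in cases.items():
        print(label)
        for url in urls_receiving_cookie(cookie, URLS):
            print("   cookie sent to", url)
```

Of the three configurations, only the cookie that is both marked secure and scoped to /account stays off the plain-HTTP pages and the same-domain static files.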
Sites need to learn that session cookies should always be marked as secure, so that browsers will not divulge them over insecure links. Earlier generations of browsers would refuse to cache content that came in over HTTPS, and that might be where some developers got into the habit of not encrypting most of their web site. But modern browsers will happily cache resources fetched over HTTPS; some will even save it
