[转载]锁定Cookies:Web安全验证 防范网钓和active攻击(英文资料)
原始链接:http://www.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-25.pdf信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
This paper proposes new methods for web authentication that are secure against phishing and pharming attacks. We explore the use of browser cookies as authenticators that cannot inadvertently be given away by users, and introduce locked cookies, which are cookies that are bound to the originating server’s public key.
页:
[1]