摘要
Cookie的使用方便了人们的网上生活,但同时对用户的许多隐私信息构成了威胁。文章首先介绍了Cookie技术的发展背景、相关概念、应用领域及基本特征,说明了Cookie的工作原理和Cookie结构;其次讲述了常见的Cookie技术的漏洞,Cookie欺骗和Cookie注入的原理和方法;最后介绍了针对Cookie技术的安全防护措施,并详细描述了一种基于Cookie特性分析的系统设计思想及其在VC环境下的实现过程。系统主要包含两个核心模块:Cookie特性分析模块和Cookie安全防护模块。实现了Cookie查看、修改Cookie属性、删除Cookie、禁用Cookie、监视Cookie等功能。系统为普通用户和专业用户提供了不同的防御功能,让用户一定程度上可以更清晰地认识Cookie、提高自身安全意识和防范本地Cookie失窃。
It's easy for us to surf online with cookie, but at the same time it poses a threat to the user's private information. Firstly, development background, some relative concepts, application range, and basic characteristic are introduced on cookie technology, and then basic working principles and structure of cookie are explained in this paper. Secondly, the principles and methods of some common security vulnerabilities such as cookie deception and cookie injection on cookie technology are introduced. Finally, security measures based on cookie technology are given, design idea based on analysis of cookie features and the process to fulfill it under VC ++ environment is described in detail. The system consists of two core modules: cookie characteristic analysis module and cookie security module. It implements some functions, such as view cookies, modify the cookie attribute, delete cookies, disable cookies, surveillance Cookie, etc. It provides different defensive functions for ordinary users and professional users and allows users to have a better understanding of cookie to a certain extent, improve their safety awareness and prevent local cookie from stealing.
出处
《信息网络安全》
2012年第9期46-49,共4页
Netinfo Security
