My OperaCookie Overflow and cookie-less auth
Sunday, May 4, 2008 4:38:07 AM
Interesting work by Alex on handling cookie security issues in Opera and other browsers. 
He talks about cookie setting limits and how that may be exploitable given you can force an overflow of cookie writes by taking advantage of Opera's (and Firefox) cookie limit. Also, makes an interesting point about Opera's speed:
Maybe one of the Opera devs can take a look at this and see if Opera needs to be tweaked to lessen any possible security risk. Not sure if he was using the current release or Opera v9.5 beta 2.
He talks about cookie setting limits and how that may be exploitable given you can force an overflow of cookie writes by taking advantage of Opera's (and Firefox) cookie limit. Also, makes an interesting point about Opera's speed:
The question is; can we win this race?
In Firefox, it takes approximately 100 miliseconds on my machine to set 1000 cookies over 20 hostnames, with 1 hostname per iframe. So we can win any race.
In my testing Opera is much faster at navigating between pages and setting cookies, however I'm still unsure if we can win this race in Opera.
Maybe one of the Opera devs can take a look at this and see if Opera needs to be tweaked to lessen any possible security risk. Not sure if he was using the current release or Opera v9.5 beta 2.
