Cookies: are they really a threat?
At present, the Internet is flooded with requests to accept cookies, so it is worth knowing what cookies are and why they seem to have suddenly appeared everywhere. Cookies are not a fresh invention: they were designed in 1994, and from the developer's point of view they are special variables that are saved on the client's device (Kaspersky, n.d.). Web applications often save data in a database for long-term bulk storage, in session files on the server for short-term storage, or in variables for runtime use only. All three methods use server resources to store and process data, so the environment is fully controlled and secure. In contrast, cookies are stored on the client device, where data could be intercepted in transit or altered at rest, so they could be considered the least secure way to store data. Web authentication relies on three factors: something you know, something you have and something you are; these usually refer to passwords, token-generating devices and biometrics respectively (Grassi, Garcia and Fenton, 2017). Cookies already fulfil one factor: something you have. Access to the device with a saved cookie is already a form of authentication, and that fact is very helpful in secure web application design. Internet-based software that saves data on a user's device without needing consent undeniably affects the user's privacy, but the benefits of using cookies, together with the security measures within browsers and systems, make cookies mostly harmless and essential for modern applications.
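The two risks named above, interception in transit and alteration at rest, are what cookie attributes and a server-side signature address. The following is an added example, not code from the original post; the key, the cookie name `sid` and the value `uid-42` are constructed for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Assumption: a server-side secret; constructed value for this example only.
SECRET_KEY = b"constructed-demo-key-not-for-production"

def sign(value: str) -> str:
    """Return 'value.tag', where tag is an HMAC-SHA256 over the value."""
    tag = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"

def verify(signed: str):
    """Return the original value, or None if the cookie was altered or unsigned."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking the tag through timing.
    return value if hmac.compare_digest(tag, expected) else None

def build_set_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie header value with integrity and transport protections."""
    cookie = SimpleCookie()
    cookie[name] = sign(value)      # integrity only: the value is still readable
    morsel = cookie[name]
    morsel["secure"] = True         # sent over HTTPS only (interception in transit)
    morsel["httponly"] = True       # not readable by scripts running in the page
    morsel["samesite"] = "Lax"      # not attached to most cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = 3600        # limits how long a copied cookie stays valid
    return morsel.OutputString()

def read_cookie(header: str, name: str):
    """Parse a Cookie request header; return the verified value or None."""
    cookie = SimpleCookie()
    cookie.load(header)
    return verify(cookie[name].value) if name in cookie else None

if __name__ == "__main__":
    print("Set-Cookie:", build_set_cookie("sid", "uid-42"))
    print(read_cookie("sid=" + sign("uid-42"), "sid"))
```

The signature makes a change on the client detectable by the server; it does not hide the value, so secrets still belong in server-side storage.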
References:
Grassi, P., Garcia, M. and Fenton, J., 2017. Digital Identity Guidelines. Biometric Technology Today, [online] 2017(3), p.1. Available at: <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf> [Accessed 5 May 2021].
Kaspersky, n.d. What are Cookies? [online] www.kaspersky.com. Available at: <https://www.kaspersky.com/resource-center/definitions/cookies> [Accessed 28 April 2022].