Filter
Top Products
Fortinet 35 FortiWeb 5.0 Patch 6 Administration Guide
At each time, some inputs/actions are known to be valid and possible, while others are not.
Without memory of history to define the current context, which actions are valid and
possible, and therefore how it should function, cannot be known.
When software cannot function without memory, it is statef
ul. Many important features —
denying access if a person is not currently logged in, for example, or shipping what has been
added to
a shopping cart — are stateful, and therefore can’t be supported by purely stateless
HTTP according to the original RFC. Such features require that web apps augment the HTTP
protocol by adding a notion of session memory via:
• Cookies per RFC 2965
• Hidden inputs
•
Server-side sessions
• Other means (see “Authentication styles” on page 221)
Because memory is an accumulation of input,
sessions
have security implications.
• Can a different client easily forge another’s session?
• Ar
e session IDs reused in encrypt form data, thereby weakening the encryption?
• Are session histories used to check for invalid next URLs or inputs (state transitions)?
When sessions are not protected to prevent misuse, software can be used in unexpected
wa
ys by at
tackers.
For example, let’s say there is a vending machine. You must insert money first. If you:
• insert a paper clip instead of a coin
• pr
ess the button for a snack before you have inserted enough money
• press the button to return your money before you have inserted any money
the machine will do nothing. The machine is
designed so that i
t must be in the state where it
has received enough money before it will dispense the snack (or return your change).
Figure 2: State transitions in a vending machine
If the vending machine had no notion of states, it would dispense free snacks or change —
regardless of whether it had received any money.
While free snacks might make some hungry people happy, it is not the intended behavior. We
would sa
y that the vending machine is broken.