Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Encrypt Cookies #10044

Closed
darkdh opened this issue Jul 18, 2017 · 3 comments · Fixed by brave/muon#262
Closed

Encrypt Cookies #10044

darkdh opened this issue Jul 18, 2017 · 3 comments · Fixed by brave/muon#262
Assignees
@darkdh
Labels
hackday Legacy label for a one-day hack-session. QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release-notes/include security
Milestone
0.20.x (Release C...

Comments

@darkdh
Copy link
Member

darkdh commented Jul 18, 2017
edited by luixxiul
Loading

Test plan

#10044 (comment)

We need to encrypt our cookie value in User Dir/Cookies
so that we will see encrypted_value instead of plain value
@darkdh darkdh self-assigned this Jul 18, 2017
@darkdh darkdh mentioned this issue Jul 18, 2017
Closed
@darkdh
Copy link
Member Author

darkdh commented Jul 18, 2017

blocks #10045

@darkdh darkdh added security hackday Legacy label for a one-day hack-session. labels Jul 18, 2017
@darkdh darkdh added this to the 0.20.x (Nightly Channel) milestone Jul 24, 2017
@jumde jumde mentioned this issue Jul 24, 2017
Merged
jumde added a commit to jumde/muon that referenced this issue Jul 24, 2017
@jumde
Fixed initialization of cookie_config.crypto_delegate to encrypt cook…
1952302 
…ies at rest.

fixes brave/browser-laptop#10044
Auditors: @bridiver, @darkdh
@luixxiul
Copy link
Contributor

@darkdh would you mind specifying the manual test plan? thanks!

@darkdh
Copy link
Member Author

darkdh commented Jul 31, 2017

Test Plan

  1. Go to usr dir and sqlite3 Cookies
  2. select host_key, name, value, encrypted_value from cookies;
  3. you will see value is empty and we have encrypted_value (before this change, you can see a plaintext value and an empty encrypted_value)

@NumDeP NumDeP mentioned this issue Sep 30, 2017
Open
This was referenced Dec 20, 2017
Closed
Closed
This was referenced Dec 27, 2017
Closed
Closed
@srirambv srirambv mentioned this issue Jan 9, 2018
Closed
31 tasks
@kjozwiak kjozwiak mentioned this issue Jan 31, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@darkdh darkdh

Labels
hackday Legacy label for a one-day hack-session. QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release-notes/include security
Projects
None yet
Milestone
0.20.x (Release Channel)
Development

Successfully merging a pull request may close this issue.

Encrypt cookies at rest (#10044) jumde/muon
4 participants
@luixxiul @darkdh @srirambv @LaurenWags