来自谷歌:
例如,我们使用名为“SID”和“HSID”的Cookie,其中包含用户的Google帐户ID和最近登录时间的数字签名和加密记录。 这两个cookie的组合允许我们阻止许多类型的攻击,例如试图窃取您在网页上完成的表单内容。
我真的不明白最后一句话。 如何保护帐户ID免受攻击? 不是相反吗? 就像用户每次都必须登录才能使服务100%安全?
From google :
For example, we use cookies called ‘SID’ and ‘HSID’ which contain digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time. The combination of these two cookies allows us to block many types of attack, such as attempts to steal the content of forms that you complete on web pages.
I don't really understand the last sentence . How keeping the account ID protects from attacks ? Isn't it the other way round ? Like the user should have to sign in every time for the service to be 100% secure ?
最满意答案
必须了解cookie的目的。 确实,为了获得最佳安全性,您必须每次都登录...但是每次您访问网站时都是这样,而不是每次您点击链接,查看新页面或单击导航按钮。 显然,您不希望在每个新页面上登录!
这就是饼干所做的。 他们在页面之间“记住”您的登录信息。 在Google的情况下,这两个Cookie唯一地标识特定的“会话”或“登录”(使用的Google帐户并签到时间),并且仅存储在您从中执行登录的计算机上。 因此,您可以访问多个页面,Google知道它就是您,但由于没有其他人提供这些精确的Cookie,因此他们无法冒充您。
One must understand the purpose of cookies. It is true that for best security, you have to sign in every time... but by that you mean every time you go to the website, not every time you click on a link, view a new page or click a navigation button. Clearly you don't want to sign in on each new page!
That's what the cookies do. They "remember" your login information when going between pages. In Google's case, the two cookies uniquely identify a particular "session" or "sign in" (Google account used and sign in time) and are stored only on the computer that you performed that sign-in from. So you can access multiple pages and Google knows it is you, but since nobody else posesses those precise cookies, they can't impersonate you.
SID和HSID cookie:它们使用的是什么?(SID and HSID cookies : what are they uses?)来自谷歌:
例如,我们使用名为“SID”和“HSID”的Cookie,其中包含用户的Google帐户ID和最近登录时间的数字签名和加密记录。 这两个cookie的组合允许我们阻止许多类型的攻击,例如试图窃取您在网页上完成的表单内容。
我真的不明白最后一句话。 如何保护帐户ID免受攻击? 不是相反吗? 就像用户每次都必须登录才能使服务100%安全?
From google :
For example, we use cookies called ‘SID’ and ‘HSID’ which contain digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time. The combination of these two cookies allows us to block many types of attack, such as attempts to steal the content of forms that you complete on web pages.
I don't really understand the last sentence . How keeping the account ID protects from attacks ? Isn't it the other way round ? Like the user should have to sign in every time for the service to be 100% secure ?
最满意答案
必须了解cookie的目的。 确实,为了获得最佳安全性,您必须每次都登录...但是每次您访问网站时都是这样,而不是每次您点击链接,查看新页面或单击导航按钮。 显然,您不希望在每个新页面上登录!
这就是饼干所做的。 他们在页面之间“记住”您的登录信息。 在Google的情况下,这两个Cookie唯一地标识特定的“会话”或“登录”(使用的Google帐户并签到时间),并且仅存储在您从中执行登录的计算机上。 因此,您可以访问多个页面,Google知道它就是您,但由于没有其他人提供这些精确的Cookie,因此他们无法冒充您。
One must understand the purpose of cookies. It is true that for best security, you have to sign in every time... but by that you mean every time you go to the website, not every time you click on a link, view a new page or click a navigation button. Clearly you don't want to sign in on each new page!
That's what the cookies do. They "remember" your login information when going between pages. In Google's case, the two cookies uniquely identify a particular "session" or "sign in" (Google account used and sign in time) and are stored only on the computer that you performed that sign-in from. So you can access multiple pages and Google knows it is you, but since nobody else posesses those precise cookies, they can't impersonate you.
发布评论