HttpOnly Cookie and Secure Cookie

Today, I had a situation to explore on the restricting on the access vulnerability of the external facing SharePoint Site. 

 Wanted to explore on httponly cookie and secure (httpsonly) cookie. Gone through the below link and it has nice information about it.

 https://www.troyhunt.com/c-is-for-cookie-h-is-for-hacker/ 

Comments

Post a Comment

Popular posts from this blog

Run Powershell script on Remote Computer/Server

Image
PowerShell Remoting allows you to run individual PowerShell commands or access full PowerShell sessions on remote Windows systems.   PowerShell is locked-down by default, so you’ll have to enable PowerShell Remoting before using it. This setup process is a bit more complex if you’re using a workgroup – for example, on a home network — instead of a domain.   Enabling PowerShell Remoting On the computer you want to access remotely, open a PowerShell window as Administrator – right click the PowerShell shortcut and select Run as Administrator.   To enable PowerShell Remoting, run the following command (known as a cmdlet in PowerShell):  Enable-PSRemoting -Force This command starts the WinRM service, sets it to start automatically with your system, and creates a firewall rule that allows incoming connections. The -Force part of the command tells PowerShell to perform these actions without prompting you for each step     Workgroup ...
Read more

SPDActivities - DP.SharePoint.Workflow - Workflow failed to run

Image
One of my SP 2016 application is using SPDActivities of Email extended feature of DP.SharePoint.Workflow to provide custom "From" address. But customers started to complain that they are not getting reminder emails anymore. Find below my STAR analysis, Situation : Recently I was facing an issue - Approval workflow failed to run. Customers not getting reminder emails anymore. Task : - Planned to look into SharePoint services, IIS site, web.config files (WFE and App Server), Latest patch/MS update/CU, Users permission. Analysis : Started looking into each below items,  - SharePoint Timer Service and Administration services were running and good - Account which is running the workflow got required permission - DP.SharePoint.Workflow got activated for the web application - Checked into web.config file in WFE server and App Server for below sections Under <SafeControls> below 3 lines need to added both in WFE and App server web.config files, ...
Read more

Office file not working for federated authenticated sites in SharePoint (SAML authentication).

  Situation After implementing “iTrust” – SAML authentication while creating external facing sites(DMZ Area) – office files didn’t work.   Task/Analysis Microsoft Office 2016 clients use modern authentication by default. In certain configurations, modern authentication isn’t supported by the Office 2016 clients with SharePoint Server 2016, such as when it is used for Active Directory Federation Services (AD FS) 3.0 installations. SharePoint administrators can now configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients .   Action To configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients, follow these steps to run Microsoft PowerShell commands in the SharePoint 2016 Management Shell:   When you install SharePoint Server 2016, the user account from which you ran the installation is granted the appropriate permissions to run Microsoft PowerShell cmdlets. If any users have not been...
Read more