HttpOnly Cookie and Secure Cookie

Today, I had a situation to explore on the restricting on the access vulnerability of the external facing SharePoint Site. 

 Wanted to explore on httponly cookie and secure (httpsonly) cookie. Gone through the below link and it has nice information about it.

 https://www.troyhunt.com/c-is-for-cookie-h-is-for-hacker/ 

Comments

Post a Comment

Popular posts from this blog

Run Powershell script on Remote Computer/Server

Image
PowerShell Remoting allows you to run individual PowerShell commands or access full PowerShell sessions on remote Windows systems.   PowerShell is locked-down by default, so you’ll have to enable PowerShell Remoting before using it. This setup process is a bit more complex if you’re using a workgroup – for example, on a home network — instead of a domain.   Enabling PowerShell Remoting On the computer you want to access remotely, open a PowerShell window as Administrator – right click the PowerShell shortcut and select Run as Administrator.   To enable PowerShell Remoting, run the following command (known as a cmdlet in PowerShell):  Enable-PSRemoting -Force This command starts the WinRM service, sets it to start automatically with your system, and creates a firewall rule that allows incoming connections. The -Force part of the command tells PowerShell to perform these actions without prompting you for each step     Workgroup ...
Read more

Office file not working for federated authenticated sites in SharePoint (SAML authentication).

  Situation After implementing “iTrust” – SAML authentication while creating external facing sites(DMZ Area) – office files didn’t work.   Task/Analysis Microsoft Office 2016 clients use modern authentication by default. In certain configurations, modern authentication isn’t supported by the Office 2016 clients with SharePoint Server 2016, such as when it is used for Active Directory Federation Services (AD FS) 3.0 installations. SharePoint administrators can now configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients .   Action To configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients, follow these steps to run Microsoft PowerShell commands in the SharePoint 2016 Management Shell:   When you install SharePoint Server 2016, the user account from which you ran the installation is granted the appropriate permissions to run Microsoft PowerShell cmdlets. If any users have not been...
Read more

Volatile function error for SharePoint calculated field current date

  Today's Issue: Volatile function error for SharePoint calculated field current date While creating calculated column to find date difference, I encountered this error. Here I have provided the resolution to fix it, Create a  new column  called  Today  (Single line of text). Create a  calculated column , name it anything you want, say ' CurrentDate '. In the  formula , insert the column you created previously ' Today '. Set the data type to ' Date and Time '. Set the Date and Time format to ' Date Only '. You can even select Date & Time if you would want to use hours/minutes as well. Now  delete  the ' Today ' column you created in first step. Don't worry, just go ahead. Add the 'CurrentDate' column to your view and check the value. You should see today's date in there. Modify the formula as required, you can use the column Today just like the function [Today] without any issues. Same approach could also be used for [Me],...
Read more