![\"\"](\"https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2019\/03\/\u62b1\u6b49\u6211\u7684\u5716\u8ddf\u6211\u7684\u4eba\u4e00\u6a23\u919c.jpg\")
<\/p>\n<\/p>\n
<\/p>\n
\u300c\u6e05\u9664\u6b77\u53f2\u7d00\u9304\u3001Cookie\u3001\u5feb\u53d6\u7b49\u8cc7\u6599\u300d\u3001\u300c\u700f\u89bd\u5668\u7684Cookie\u529f\u80fd\u5df2\u95dc\u9589\u300d\u3001\u300c\u5141\u8a31\u7db2\u7ad9\u5132\u5b58\u53ca\u8b80\u53d6Cookie\u8cc7\u6599\u300d\u3002\u6211\u5011\u5e38\u5728\u4f7f\u7528\u700f\u89bd\u5668\u6642\u770b\u5230\u300cCookie\u300d\u9019\u500b\u5b57\u773c\uff0c\u800c\u5b83\u5230\u5e95\u662f\u4ec0\u9ebc\uff1f\u548c\u9905\u4e7e\u6709\u4ec0\u9ebc\u95dc\u4fc2\u55ce\uff1f\u4ee5\u4e0b\u70ba\u60a8\u89e3\u7b54\u3002<\/p>\n
\u5728\u700f\u89bd\u5668\u4e2d\uff0cCookie\u6307\u7684\u5176\u5be6\u4e26\u4e0d\u662f\u6211\u5011\u4e00\u822c\u6240\u8aaa\u7684\u9905\u4e7e\uff0c\u800c\u662f\u7528\u4f86\u5132\u5b58\u7db2\u9801\u4f3a\u670d\u5668\u50b3\u9001\u7d66\u700f\u89bd\u5668\u7684\u8cc7\u6599\uff0c\u4f3a\u670d\u5668\u5247\u662f\u900f\u904eCookie\u4f86\u5224\u65b7\u4e0d\u540c\u7684\u4f7f\u7528\u8005\u3002<\/p>\n
\u8209\u500b\u7c21\u55ae\u7684\u4f8b\u5b50\uff0c\u5728\u8cfc\u8cb7\u98f2\u6599\u6642\uff0c\u9867\u5ba2\u6703\u5411\u98f2\u6599\u5e97\u4e0b\u8a02\u55ae\uff0c\u800c\u5728\u5e97\u5bb6\u78ba\u8a8d\u5f8c\u6703\u7d66\u9867\u5ba2\u4e00\u500b\u865f\u78bc\u724c\u3002\u4e4b\u5f8c\uff0c\u4e0d\u9700\u8981\u8907\u8aa6\u8a02\u55ae\u7684\u5167\u5bb9\uff0c\u9867\u5ba2\u53ea\u8981\u5c07\u865f\u78bc\u724c\u4ea4\u7d66\u5e97\u5bb6\uff0c\u4fbf\u53ef\u6839\u64da\u5b83\u4f86\u5224\u65b7\u6b64\u9867\u5ba2\u662f\u5426\u4e0b\u904e\u8a02\u55ae\u4ee5\u53ca\u8a02\u55ae\u7684\u5167\u5bb9\uff0c\u4e26\u7d66\u4e88\u5c6c\u65bc\u8a72\u540d\u9867\u5ba2\u7684\u9910\u9ede\u3002<\/p>\n
\u9019\u500b\u4f8b\u5b50\u5c31\u5982\u540c\u662f\u767b\u5165\u7db2\u7ad9\u7684\u52d5\u4f5c\uff0c\u7576\u8f38\u5165\u5e33\u865f\u5bc6\u78bc\u9032\u884c\u767b\u5165\u6642\uff08\u4e0b\u8a02\u55ae\uff09\uff0c\u7db2\u9801\u4f3a\u670d\u5668\uff08\u5e97\u5bb6\uff09\u6703\u56de\u50b3\u4e00\u7d44\u8cc7\u6599\uff0c\u700f\u89bd\u5668\u5c07\u9019\u4e9b\u8cc7\u6599\u5132\u5b58\u5728Cookie\uff08\u865f\u78bc\u724c\uff09\u88e1\u3002\u4e4b\u5f8c\u700f\u89bd\u9019\u500b\u7db2\u7ad9\u4fbf\u4e0d\u9700\u8981\u518d\u9032\u884c\u767b\u5165\u7684\u52d5\u4f5c\uff0c\u4f3a\u670d\u5668\u53ea\u8981\u9760Cookie\uff08\u865f\u78bc\u724c\uff09\u5c31\u80fd\u77e5\u9053\u767b\u5165\u8005\u7684\u8eab\u5206\u3002<\/p>\n
\u5f9e\u4e0a\u9762\u7684\u4f8b\u5b50\u6211\u5011\u53ef\u4ee5\u5f97\u77e5\uff0c\u53ea\u8981\u900f\u904eCookie\u4f3a\u670d\u5668\u5c31\u80fd\u77e5\u9053\u767b\u5165\u8005\u662f\u8ab0\u3002\u90a3\u9ebc\u5982\u679c\u5176\u4ed6\u4eba\u76dc\u7528\u4e86\u5225\u4eba\u7684Cookie\u662f\u4e0d\u662f\u5c31\u6703\u88ab\u507d\u9020\u8eab\u5206\u5462\uff1f<\/p>\n
\u7b54\u6848\uff1a\u662f\uff0c\u53ea\u8981Cookie\u88ab\u5077\u8d70\u4e86\uff0c\u4fbf\u6709\u53ef\u80fd\u88ab\u507d\u9020\u8eab\u5206\u3002\u5077\u8d70Cookie\u7684\u65b9\u6cd5\uff0c\u5728\u4e4b\u524d\u7684\u6587\u7ae0\u300c Code Injection Attack \u2013 Cross-Site Scripting Attack <\/a>(\u53c3\u80037)\u300d \u4e2d\u6240\u4ecb\u7d39\u7684XSS\u653b\u64ca\u5c31\u662f\u5176\u4e2d\u4e00\u7a2e\uff1b\u6216\u8005\u662f\u57282014\u5e74OpenSSL\u7684Heartbleed\u6f0f\u6d1e\u4e2d\uff0c\u4e5f\u6709Cookie\u906d\u7aca\u7684\u53ef\u80fd\u6027\u3002<\/p>\n \u53e6\u5916\u9084\u6709\u4e00\u7a2e\u53eb\u505a\u300c\u8de8\u7ad9\u8acb\u6c42\u507d\u9020(Cross-site Request Forgery, CSRF)\u300d\u7684\u653b\u64ca\u624b\u6cd5\uff0c\u4e5f\u662f\u5229\u7528Cookie\u4f86\u5be6\u73fe\u3002\u6b64\u653b\u64ca\u624b\u6cd5\u7684\u60c5\u5883\u5982\u4e0b\uff0c\u53d7\u5bb3\u8005\u767b\u5165A\u7db2\u7ad9\u4e14\u5176\u700f\u89bd\u5668\u5132\u5b58\u4f3a\u670d\u5668\u56de\u50b3\u7684\u8cc7\u6599\u65bcCookie\u5f8c\uff0c\u518d\u700f\u89bd\u4e86\u60e1\u610f\u7db2\u7ad9B\u3002\u6b64\u6642\uff0cB\u7db2\u7ad9\u4e0d\u9700\u8981\u77e5\u9053\u53d7\u5bb3\u8005\u7684\u5e33\u865f\u5bc6\u78bc\uff0c\u53ea\u8981\u900f\u904e\u8a98\u4f7f\u53d7\u5bb3\u8005\u767c\u9001\u8acb\u6c42\u81f3A\u7db2\u7ad9\uff0c\u4fbf\u53ef\u8b93\u53d7\u5bb3\u8005\u65bcA\u7db2\u7ad9\u9032\u884c\u975e\u672c\u610f\u4e4b\u52d5\u4f5c\u3002(\u8a73\u7d30\u53ef\u67e5\u770b\u53c3\u80036)<\/p>\n \u4ee5\u4e0a\u6240\u63d0\u5230\u7684\u653b\u64ca\u8207\u6f0f\u6d1e\uff0c\u90fd\u6709\u56e0\u70baCookie\u800c\u88ab\u507d\u9020\u8eab\u5206\u7684\u53ef\u80fd\u6027\u3002\u73fe\u4eca\u5df2\u6709\u91dd\u5c0d\u9019\u4e9b\u653b\u64ca\u624b\u6cd5\u8207\u6f0f\u6d1e\u7684\u5c0d\u7b56\u3002\u5982Heartbleed\u6f0f\u6d1e\uff0cOpenSSL\u5df2\u63a8\u51fa\u4fee\u5fa9\u7684\u7248\u672c\uff1bCSRF\u653b\u64ca\u4e5f\u6709\u5229\u7528\u9a57\u8b49\u78bc\u6216Token\u4f86\u9032\u884c\u9632\u79a6\u7684\u65b9\u6cd5\uff1b\u800cXSS\u653b\u64ca\u4e5f\u53ef\u4ee5\u900f\u904e\u8a2d\u5b9aHttpOnly\u4f86\u964d\u4f4eCookie\u88ab\u5077\u8d70\u7684\u98a8\u96aa\u3002<\/p>\n \u900f\u904e\u4e09\u7532\u79d1\u6280\u6240\u63d0\u4f9b\u7684\u300c\u5f31\u9ede\u6383\u63cf\u300d\u4ee5\u53ca\u300c\u6ef2\u900f\u6e2c\u8a66\u300d\u6aa2\u6e2c\u670d\u52d9\uff0c\u78ba\u4fdd\u4f01\u696d\u7684\u5167\u90e8\u7db2\u7ad9\u4e0d\u5b58\u5728\u9019\u4e9b\u8cc7\u5b89\u6f0f\u6d1e\u3002\u60f3\u4e86\u89e3\u300c\u5f31\u9ede\u6383\u63cf\u300d\u8207\u300c\u6ef2\u900f\u6e2c\u8a66\u300d\u662f\u4ec0\u9ebc\uff0c\u53ef\u4ee5\u95b1\u8b80\u6b64\u7bc7\u6587\u7ae0\u300c \u9ad8\u968e\u8cc7\u5b89\u61f6\u4eba\u5305 – PT\u3001VA <\/a>\u300d(\u53c3\u80038)\u3002<\/p>\n\u9762\u5c0d\u53ef\u6015\u7684\u9905\u4e7e\u602a\uff0c\u6211\u7684Cookie\u662f\u5b89\u5168\u7684\u55ce\uff1f<\/h3>\n
\u8981\u600e\u9ebc\u78ba\u8a8d\u6211\u7684\u7db2\u7ad9\u6c92\u6709\u9019\u4e9b\u6f0f\u6d1e \uff08\u5de5\u5546\u6642\u9593\uff09<\/h3>\n
Reference<\/h3>\n
\n