Skip to content
Advertisement

Where to store cookies safely on Linux

I’m running curl from PHP and I want to use cookies.

Curl, in PHP, accept the option COOKIEJAR that specifies the location where to save the cookie.

I wanted to set it to

curl_setopt_array(
  CURLOPT_COOKIEJAR => sys_get_temp_dir() . '/cookie.txt'
  ...
);

My first thought was to put them into the /tmp folder but then I wondered about the security implications.

I know that absolute security doesn’t exist but, where should a cookie be stored, in a Linux environment, to be reasonably safe?

Advertisement

Answer

In Linux everything is file and controlled by operation system filesystem.

you dont have to store a specific file in a weird location because of security since even ssl keys store in /etc/ssl/private/ for example.

the only Strong mechanism to gain the security is to directly specify the Ownership and chmod of the file to be not accessible by others.

chmod -c 700

is the most powerful with chown to user.

then protected users passwords.

Another Security Layer

you can add encryption and decryption for the file, but you have to save the key some where on the disk and protect with File Ownership mechanism.

User contributions licensed under: CC BY-SA
8 People found this is helpful
Advertisement