I’m running curl from PHP and I want to use cookies.
Curl, in PHP, accepts the option COOKIEJAR, which specifies the location where the cookie is saved.
I wanted to set it to
curl_setopt_array($ch, [CURLOPT_COOKIEJAR => sys_get_temp_dir() . '/cookie.txt', /* ... */]);
My first thought was to put them into the /tmp folder but then I wondered about the security implications.
I know that absolute security doesn’t exist, but where should a cookie be stored, in a Linux environment, to be reasonably safe?
Answer
In Linux, everything is a file and is controlled by the operating system's filesystem.
You don't have to store a specific file in a weird location because of security, since even SSL keys are stored in /etc/ssl/private/,
for example.
The only strong mechanism to gain security is to directly specify the ownership and chmod
of the file so that it is not accessible by others.
chmod -c 700
is the most powerful, together with chown to the user.
Then protect the users' passwords.
Another Security Layer
You can add encryption and decryption for the file, but you have to save the key somewhere on the disk and protect it with the file ownership mechanism.
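
The ownership-and-mode approach from the answer, applied to the cookie jar in the question, as an added example that is not part of the original question or answer. The function name `privateCookieJar`, the `curl-jar-<uid>` directory name and the URL are assumptions, and the posix and curl extensions are assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Added example. privateCookieJar() and the "curl-jar-<uid>" directory name
// are assumptions; requires the posix and curl extensions.
function privateCookieJar(string $baseDir): string
{
    $uid = posix_geteuid();
    $dir = rtrim($baseDir, '/') . '/curl-jar-' . $uid;

    $oldUmask = umask(0077);               // nothing we create is group/world accessible
    try {
        if (!is_dir($dir) && !@mkdir($dir, 0700) && !is_dir($dir)) {
            throw new RuntimeException("cannot create $dir");
        }
        // In a shared directory such as /tmp another user may have created
        // this path first: refuse symlinks and directories we do not own.
        if (is_link($dir) || fileowner($dir) !== $uid) {
            throw new RuntimeException("$dir is not a real directory owned by uid $uid");
        }
        chmod($dir, 0700);                 // owner only, as the answer recommends

        // tempnam() creates the file itself, with an unpredictable name.
        $jar = tempnam($dir, 'jar_');
        if ($jar === false || realpath(dirname($jar)) !== realpath($dir)) {
            throw new RuntimeException('tempnam() fell back to another directory');
        }
        chmod($jar, 0600);                 // a data file needs no execute bit
        return $jar;
    } finally {
        umask($oldUmask);
    }
}

$jar = privateCookieJar(sys_get_temp_dir());
printf("%s mode %o\n", $jar, fileperms($jar) & 0777);

$ch = curl_init('https://example.com/');   // placeholder URL
curl_setopt_array($ch, [
    CURLOPT_COOKIEJAR      => $jar,         // cookies are written here
    CURLOPT_COOKIEFILE     => $jar,         // and read back from here
    CURLOPT_RETURNTRANSFER => true,
]);
curl_exec($ch);
unset($ch);                                // libcurl writes the jar when the handle is freed
unlink($jar);                              // remove the jar once the session is over
```

The owner-only directory is what keeps other local users out even if the jar file itself is later rewritten with a different mode.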