Re: tlug: Cookies and Netscape
- To: tlug@example.com
- Subject: Re: tlug: Cookies and Netscape
- From: "Stephen J. Turnbull" <turnbull@example.com>
- Date: Wed, 11 Aug 1999 14:39:02 +0900 (JST)
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=us-ascii
- In-Reply-To: <37B0A1A7.6A446F84@example.com>
- References: <199908082117.VAA129164@example.com><37B0A1A7.6A446F84@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug@example.com
>>>>> "Fredric" == Fredric Fredricson <fredric.fredriksson@example.com> writes:

Fredric> A http server can set and clear cookies by sending a
Fredric> set-cookie response header as part of the response to a
Fredric> http request from a browser.

True.

Fredric> It can not explicitly request cookies or examine the
Fredric> cookies held by the browser but the browser will always
Fredric> send back the cookies that originated from the server as
Fredric> part of each http request header.

True, except that an RFC-2109 compliant browser offers the user
control over whether to accept cookies, and optionally fairly fine
control over when to return them. Replace "always" by
"semi-automatically" and you're OK.

Fredric> That is, a http server will only have access to the
Fredric> cookies generated by the same server.

False. First of all, "closely related" servers, such as
"www1.isp.com", "www2.isp.com", and "random-dot-com.isp.com" can share
cookies by design. All that is required is for the originating server
to use the domain=.isp.com form in the set cookie request. Second,
the DNS is not utterly reliable. Third, a malicious CGI can embed
your cookies in an URI to another site, thus propagating them.

Fredric> Given this I feel that cookies have actually been the
Fredric> target for a massive FUD campaign. I can not really see
Fredric> what harm they can cause.

User information (such as client host and any registration information
that may be provided) can be correlated with click trails. This can
be assembled in a file and sold, eg. Then a new cookie is generated,
generating more information. I can imagine related retail sites doing
this, for example, on a quid pro quo basis.

I can think of a lot of situations where I would find having those
trails correlated in one place embarrassing, and analogous situations
where they might be harmful.
--
University of Tsukuba    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences    Tel/fax: +81 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for? "Free software rules."

-------------------------------------------------------------------
Next Technical Meeting: August 14 (Sat), 13:00 place: Temple Univ.
*** Special guest: Marc Christensen (Salt Lake Linux Users Group)
Next Nomikai: September 20 (Fri), 19:30 Tengu TokyoEkiMae 03-3275-3691
-------------------------------------------------------------------
more info: http://www.tlug.gr.jp    Sponsor: Global Online Japan
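The domain scoping discussed in the message above (a `domain=.isp.com` cookie shared by sibling hosts), worked through with the RFC 2109 domain-match and cookie-rejection rules. This is an added example, not part of the original post; the function names and the host `www.example.org` are constructed, and only FQDN hosts (no IP addresses) and no Path handling are assumed.

```python
# Added illustration of RFC 2109 cookie domain scoping (FQDN hosts only).

def domain_match(host, domain):
    """RFC 2109 domain-match: exact match, or host = N + domain, domain = '.B'."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return (domain.startswith(".") and host.endswith(domain)
            and len(host) > len(domain))


def stored_domain(request_host, domain_attr=None):
    """Domain the user agent stores for a Set-Cookie, or None if rejected."""
    host = request_host.lower()
    if domain_attr is None:
        return host                      # default: the request-host only
    d = domain_attr.lower()
    if not d.startswith(".") or "." not in d[1:-1]:
        return None                      # no leading dot / no embedded dot
    if not domain_match(host, d):
        return None                      # setting server is outside that domain
    if "." in host[:-len(d)]:
        return None                      # host prefix H itself contains a dot
    return d


def recipients(cookie_domain, hosts):
    """Hosts whose requests would carry the cookie (Path ignored here)."""
    return [h for h in hosts if domain_match(h, cookie_domain)]


# Hostnames from the message, plus one constructed unrelated host.
HOSTS = ["www1.isp.com", "www2.isp.com", "random-dot-com.isp.com",
         "www.example.org"]

if __name__ == "__main__":
    for attr in (".isp.com", None, ".com"):
        dom = stored_domain("www1.isp.com", attr)
        sent_to = recipients(dom, HOSTS) if dom else "rejected by user agent"
        print(f"Domain={attr!r}: stored as {dom!r}, sent to {sent_to}")
```

Leaving the Domain attribute off keeps the cookie scoped to the single host that set it, which is the narrower of the two scopes shown.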
- Follow-Ups:
- Re: tlug: Cookies and Netscape
- From: Fredric Fredricson <Fredric.Fredriksson@example.com>
- References:
- tlug: Cookies and Netscape
- From: "Subba Rao" <subb3@example.com>
- Re: tlug: Cookies and Netscape
- From: Fredric <fredric.fredriksson@example.com>