[2362] in WWW Security List Archive
Re: Smart Fine Print
daemon@ATHENA.MIT.EDU (William Perry)
Tue Jul 9 13:08:28 1996
Date: Tue, 9 Jul 1996 08:01:12 -0700
From: William Perry <wmperry@spry.com>
To: Michael Brennen <mbrennen@fni.com>
Cc: William Perry <wmperry@spry.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.LNX.3.94.960709093653.14106H-100000@ns1.fni.com>
Reply-to: wmperry@spry.com
Errors-To: owner-www-security@ns2.rutgers.edu

Michael Brennen writes:
>On Tue, 9 Jul 1996, William Perry wrote:
>
>> Michael Brennen writes:
>> >Just edit the cookies.txt file to be empty (or delete it and touch it),
>> >then set the read only attribute on the file. I wish I could say this is
>> >cleverly ingenious of me, but it is not. I picked it up from someone
>> >else, and it works. I went to doubleclick.net and ran around -- with nary
>> >a cookie set. They may keep other info, but cookies seem rather critical
>> >to their scheme.
>>
>> Most cookie implementations do not try to write to the cookies.txt file
>> until you _EXIT_ the application - they are still floating around in
>> internal storage and will be sent during THAT session.
>
>cookies.txt was clear after Netscape was closed -- still is. The cookies
>won't be remembered across sessions, and it was my understanding that this
>is what doubleclick's scheme depended on. They need the cookies lying
>around to know what they think I want to see next. Have I missed
>something?

My point was that this might protect you against doubleclick's scheme
(possibly, would have to see their code to know exactly, and that's not
very likely :), but not against all possibly nasty/sneaky/rude uses of
cookies out there, especially if you keep your browser running for a long
time.

-Bill P.

PS: snide comment about certain browsers being able to run a long time left
out. :)
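
The behaviour discussed in this message, as an added example that is not part of the original post: Python's `http.cookiejar` stands in for a browser that keeps cookies in memory and writes the Netscape-format cookies.txt only at exit. The host `ads.example`, the cookie `id=abc123` and the `FakeResponse` helper are constructed for illustration.

```python
import os, stat, tempfile, urllib.request
from email.message import Message
from http.cookiejar import MozillaCookieJar

class FakeResponse:
    """Constructed stand-in for an HTTP response; CookieJar only calls info()."""
    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie
    def info(self):
        return self._headers

def save_at_exit(jar):
    # root ignores mode bits, so check them explicitly to keep the demo deterministic
    if not os.stat(jar.filename).st_mode & stat.S_IWUSR:
        return False
    try:
        jar.save()
        return True
    except OSError:
        return False

def run_session(cookie_file):
    """One browser session: receive a cookie, make a second request, then exit."""
    jar = MozillaCookieJar(cookie_file)
    first = urllib.request.Request("http://ads.example/banner1")
    jar.extract_cookies(FakeResponse("id=abc123; Max-Age=31536000; Path=/"), first)
    second = urllib.request.Request("http://ads.example/banner2")
    jar.add_cookie_header(second)          # served from memory, no file access
    return second.get_header("Cookie"), save_at_exit(jar)

def cookies_after_restart(cookie_file):
    jar = MozillaCookieJar(cookie_file)    # a fresh session sees only the file
    jar.load()
    return [c.name for c in jar]

def demo(read_only):
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cookies.txt")
        with open(path, "w") as f:
            f.write("# Netscape HTTP Cookie File\n")   # header only, no cookies
        if read_only:
            os.chmod(path, stat.S_IRUSR)
        sent, saved = run_session(path)
        restored = cookies_after_restart(path)
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)    # so cleanup works everywhere
        return sent, saved, restored

if __name__ == "__main__":
    print(demo(True), demo(False))
```

With the file read-only the cookie is still sent on the second request of the same session and only the write at exit fails; with a writable file the same cookie also comes back after a restart.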