[2365] in WWW Security List Archive
Re: Smart Fine Print
daemon@ATHENA.MIT.EDU (Frank Chen)
Tue Jul 9 15:58:38 1996
Date: Tue, 09 Jul 1996 11:08:18 -0700
From: Frank Chen <frank@netscape.com>
Reply-To: frank@netscape.com
To: Benjamin Tomhave <tomhavbe@martin.luther.edu>
CC: Nick Szabo <szabo@netcom.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Benjamin Tomhave wrote:
> It seems to me that, now that we are raising this issue in a more
> public arena, hopefully companies such as Netscape will pay attention a
> little more and consider finding a less shady way of implementing
> persistant cookies. A good start would be adding a patch, or adding in
> the next release, the option to deny use of the cookie file.
Benjamin:
We work hard to avoid "shady implementations" in our products, and
following
the first public uproar around cookies a couple of months ago,
we did indeed put the feature you describe into Netscape Navigator.
In Navigator 3.0, click the "Protocols" tab of "Network Preferences"
(under
the Options menu). You will be able to toggle a preference that
determines
whether you are alerted whenever a server delivers you a cookie. When
the
server presents a cookie, you then have the choice of accepting or
rejecting
the cookie. I believe this preference should allay any of the potential
privacy concerns associated with cookies.
I am not sure whether this preference is available in other browsers.
If there are any other security issues that worry you, please let us
know.
We regularly monitor this and other public forums, and especially in
security
land, where I work, we are especially sensitive. :-)
--
frank@netscape.com | Netscape Communications
tel: 415.937.3703 | 501 East Middlefield Road
fax: 415.528.4120 | Mountain View, CA 94043
