[2368] in WWW Security List Archive
Re: COMMENT: Cookie dough (fwd)
daemon@ATHENA.MIT.EDU (Gene Ingram)
Tue Jul 9 20:54:38 1996
Date: Tue, 09 Jul 1996 15:24:52 -0700
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: www-security <www-security@ns2.rutgers.edu>
To: www-security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Benjamin Tomhave wrote:
>
> If anybody is interested, and hasn't taken the time to look at their
> cookie file yet, Netscape gives their rationale/excuse for cookies at
> http://www.netscape.com/newsref/std/cookie_spec.html This URL can be
> found in your Netscape cookie file. On a related note, I editted my
> cookie.txt file (under WinNT), clearing all entries, saved, and then made
> the file read only. So far I have not had any more entries added, which
> is a nice feeling. I would get a little nervous if the browser were to
> change attributes on a file to add that sort of information.
>
> -ben
>
It has always been a concern if cookies are really secure.
So I started experimenting with my ``cookies'' file in unix.
By changing the ``FALSE'' statement to ``TRUE'' I noticed a
different advertisement pop-up. Interesting. Someone should
publish the ``ideal cookie'' which contains the type of site
activity warranting VIP red-carpet treatment, and sell it for
ecash to people wanting to surf the web in style. :-) On a
serious note, I'm surprised you didn't get an error message by
changing your cookie attribute to read-only.
Where does the information go if it's trying to write, then?
Into a ``hole'' of some sort or simply NUL device?
Gene
--
___
| ._ _ ._ _.._ _ ``I do not fear computers
_|_| |(_|| (_|| | | I fear lack of them.'' -Isaac Asimov
_____ _| _______________________________________________________
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
[Signature lettering created by ``Figlet Ascii Font Converter''
http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]
