[2501] in WWW Security List Archive


Re: cookie overloading (denial of service)

daemon@ATHENA.MIT.EDU (Gene Ingram)
Mon Jul 22 21:52:37 1996

Date: Mon, 22 Jul 1996 15:46:24 -0700
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: www-security@ns2.rutgers.edu
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

> With your browser limited to holding 300 cookies, I've pretty much
> forced your browser to discard most or all of the previous cookies
> in favor of mine.

Netscape's going to have to increase their 300-cookie ceiling in
its next release to accommodate increased demand.  :-)  Is
memory limitation the reason for the limit?  Maybe they should have a
field to define the cookie limit, something like this:

Memory cache:  3000  Kilobytes
  Disk cache:  5000  Kilobytes
Cookie cache:  3000  Kilobytes

Then if you set Cookie cache to ZERO it will solve the problem.

-- 
___
 | ._  _ ._ _.._ _    ``I do not fear computers
_|_| |(_|| (_|| | |     I fear lack of them.''  -Isaac Asimov
_____  _|  _______________________________________________________
Key fingerprint:  93 E1 15 E6 35 BC B2 84  B2 7B 39 76 29 72 32 72
 [Signature lettering created by ``Figlet Ascii Font Converter''
  http://mediacube.datacom.de/cgi-bin/moniteurs/figlet]
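
The eviction described in the quoted text, and the effect of a zero cookie limit, as an added simulation that is not part of the original message. The 300 ceiling comes from the thread; the oldest-first eviction order, the per-host quota (`perHostCap`) and the `.example` hosts are assumptions made for the illustration.

```javascript
// Added illustration: a bounded cookie jar that evicts the oldest cookie first.
// The 300 ceiling is from the thread; perHostCap is a hypothetical knob.
class CookieJar {
  constructor(maxTotal, perHostCap = Infinity) {
    this.maxTotal = maxTotal;
    this.perHostCap = perHostCap;
    this.cookies = new Map(); // insertion order = age; key is "host\tname"
  }
  // Oldest key in the jar, optionally restricted to one host.
  oldestKey(host) {
    for (const [key, c] of this.cookies) {
      if (host === undefined || c.host === host) return key;
    }
    return undefined;
  }
  countFor(host) {
    let n = 0;
    for (const c of this.cookies.values()) if (c.host === host) n++;
    return n;
  }
  set(host, name, value) {
    if (this.maxTotal === 0 || this.perHostCap === 0) return false; // storage disabled
    const key = host + "\t" + name;
    this.cookies.delete(key); // overwriting refreshes the cookie's age
    // A host at its own quota evicts only its own oldest cookie.
    if (this.countFor(host) >= this.perHostCap) this.cookies.delete(this.oldestKey(host));
    // Global ceiling reached: evict the oldest cookie from any host.
    if (this.cookies.size >= this.maxTotal) this.cookies.delete(this.oldestKey());
    this.cookies.set(key, { host, value });
    return true;
  }
}

// Constructed scenario: 10 sites hold 5 cookies each, then one host sets 300.
function survivorsAfterFlood(maxTotal, perHostCap) {
  const jar = new CookieJar(maxTotal, perHostCap);
  for (let s = 0; s < 10; s++)
    for (let i = 0; i < 5; i++) jar.set(`site${s}.example`, `c${i}`, "v");
  for (let i = 0; i < 300; i++) jar.set("flood.example", `f${i}`, "x");
  let kept = 0;
  for (const c of jar.cookies.values()) if (c.host !== "flood.example") kept++;
  return { kept, total: jar.cookies.size };
}

console.log(survivorsAfterFlood(300, Infinity)); // global ceiling only
console.log(survivorsAfterFlood(300, 20));       // ceiling plus per-host quota
console.log(survivorsAfterFlood(0, Infinity));   // cookie storage set to zero
```

With only the global ceiling, none of the 50 earlier cookies survive; with a per-host quota the flooding host can only displace its own entries.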
