[3784] in WWW Security List Archive
Re: Cookie question
daemon@ATHENA.MIT.EDU (Jacob Rose)
Thu Dec 12 05:02:06 1996
Date: Wed, 11 Dec 1996 23:01:42 -0500 (EST)
From: Jacob Rose <jacob@whiteshell.com>
To: Edwin Ng <durian@cyberweb.com.my>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.LNX.3.95.961212002151.10034B-100000@www.cyberweb.com.my>
Errors-To: owner-www-security@ns2.rutgers.edu
> If the service provider's server stores your password in your cookie file,
> then you should stop using its services. Storing login passwords in a
> cookie file is a big security risk. I still firmly believe in typing in the
> password and login name over and over again. A little hassle but better
> than putting it in a cookie file for all to see and take, and for another
> user to log in to your account.
Yes, but there are many services (like, for instance, HotWired) where you
might log in, but your account with them is almost completely unimportant
to you; it's a convenience, and it's tracking info for the service, but
you shouldn't have to remember a password.
------------------------------------------------------------------------
Jacob Rose All you and I must agree upon is peace.
------------------------------------------------------------------------