[13779] in bugtraq
Re: Evil Cookies.
daemon@ATHENA.MIT.EDU (Michael Bryan)
Wed Feb 9 10:40:25 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <200002082230390700.23D3655D@quaggy.ursine.com>
Date: Tue, 8 Feb 2000 22:30:39 -0800
Reply-To: Michael Bryan <bugtraq@URSINE.COM>
From: Michael Bryan <bugtraq@URSINE.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000208162458.A6631@nebcorp.com>
Content-Transfer-Encoding: 8bit
On 2/8/00 at 4:24 PM Ari Gordon-Schlosberg wrote:
>[Dylan Griffiths <Dylan_G@BIGFOOT.COM>]
>>
>> A better solution would be explicit (ie: finer grained) control of cookies.
>> Not as finely grained as the prompt option of Lynx, but more specific than
>> the current Netscape settings.
>
>Actually, this is implemented in a rudimentary way in IE 5.x, with their
>"zones" of security. If you're interested, take a look at Mozilla's M13
>milestone release. It allows fine-grained control of cookiees, with its
>"Never Accept Cookiees" domain/site list. It also gives the user an
>intuitive interface to actually browse their cookiees. (Look in the Wallet
>section).
A cool shareware tool called "Cookie Pal" (http://www.kburra.com/cpal.html)
gives you all sorts of excellent control over cookies, and works with several
browsers. Its biggest downside is that it's for Windows only. I highly
recommend checking it out if you're looking for better cookie management.
--
Michael Bryan
bugtraq@ursine.com
