
RE: Re: Cookies at XML Europe 2004 -- Call for Participation


firewall blocking cookies
On Tuesday, January 06, 2004 3:53 PM EDT, Elliotte Rusty Harold
wrote:

> they actually are. HTTP authentication and cookie based 
> authentication are equally vulnerable to this style of social 
> engineering.

Hello Elliotte:

I realize that the manipulated use of the "@" sign in a URL is social
engineering; the problem lies in programs that block the use of such URLs,
even for legitimate purposes.  At the time I wrote the initial message I
knew of a firm that was blocking HTTP traffic with URLs that contained
the "@" sign in their Checkpoint firewall.  Seems now that Microsoft will
also deem the "@" sign to be sinister.  Another article from eWeek, this
time on what Microsoft intends to do with "@" signs in Internet Explorer:

http://www.eweek.com/article2/0,4149,1473485,00.asp?kc=EWNWS012904DTX1K0000599

The Microsoft bulletin is located at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q834489

An excerpt from the above article:

"If you include HTTP or HTTPS URLs that contain user information in your
scripting code, to manage state information, change your scripting code to
use cookies instead of user information. For additional information about
how to use cookies to manage state information, visit the following Internet
Engineering Task Force (IETF) Web site:
http://www.ietf.org/rfc/rfc2965.txt"

It may become more difficult for clients to participate in HTTP
authentication without using cookies.

Regards,
Ralph
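
The following is an added example, not part of the original post: it contrasts a blunt "block any URL containing @" rule, like the firewall rule described above, with a check that looks only at the userinfo part of the URL authority. The sample URLs are constructed, and the `userinfo_resembles_host` heuristic is a hypothetical illustration, not a rule from any product.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (example.* names and 192.0.2.0/24 are reserved for documentation).
SAMPLES = [
    "http://www.example.com@192.0.2.7/login",                   # userinfo posing as a host name
    "http://ralph:secret@intranet.example.com/report",          # credentials carried in the URL
    "http://lists.example.org/archive?from=ralph@example.com",  # '@' in the query only
    "http://example.org/users/@ralph",                          # '@' in the path only
    "http://example.org/index.html",                            # no '@' at all
]

def analyze(url):
    """Describe where '@' appears in url and which host the client would contact."""
    parts = urlsplit(url)
    # netloc is the authority component: [userinfo@]host[:port]
    has_userinfo = "@" in parts.netloc
    username = parts.username or ""
    return {
        "blunt_block": "@" in url,       # what a plain substring rule would do
        "has_userinfo": has_userinfo,    # '@' actually delimits userinfo
        "host": parts.hostname,          # the host that really receives the request
        # Hypothetical heuristic: a user name containing a dot looks like a
        # host name to a reader, which is the deceptive case.
        "userinfo_resembles_host": has_userinfo and "." in username,
    }

def false_positives(urls):
    """URLs a substring rule blocks although they carry no userinfo."""
    results = [(u, analyze(u)) for u in urls]
    return [u for u, r in results if r["blunt_block"] and not r["has_userinfo"]]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, analyze(u))
    print("blocked without userinfo:", false_positives(SAMPLES))
```

Even the narrower check cannot separate the second sample (credentials in the URL) from the first on syntax alone, which is the legitimate-use problem the message raises.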

