RE: Re: Cookies at XML Europe 2004 -- Call for Participation
On Tuesday, January 06, 2004 3:53 PM EDT, Elliotte Rusty Harold wrote:

> they actually are. HTTP authentication and cookie based
> authentication are equally vulnerable to this style of social
> engineering.

Hello Elliotte:

I realize that the manipulated use of the "@" sign in a URL is social engineering; the problem lies in programs that block the use of such URLs, even for legitimate purposes. At the time I wrote the initial message I knew of a firm that was blocking HTTP traffic with URLs that contained the "@" sign in their Checkpoint firewall. Seems now that Microsoft will also deem the "@" sign to be sinister.

Another article from eWeek, this time on what Microsoft intends to do with "@" signs in Internet Explorer:

http://www.eweek.com/article2/0,4149,1473485,00.asp?kc=EWNWS012904DTX1K0000599

The Microsoft bulletin is located at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q834489

An excerpt from the above article:

"If you include HTTP or HTTPS URLs that contain user information in your scripting code, to manage state information, change your scripting code to use cookies instead of user information. For additional information about how to use cookies to manage state information, visit the following Internet Engineering Task Force (IETF) Web site: http://www.ietf.org/rfc/rfc2965.txt"

It may become more difficult for clients to participate in HTTP authentication without using cookies.

Regards,
Ralph
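
The distinction raised in the message above, between deceptive "@" URLs and legitimate user-information URLs, can be made by a filter instead of blocking every "@". The following is an added example, not part of the original message or of any product it mentions; the function name, the "host-like user name" heuristic and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed heuristic: a user name that starts like a dotted host name
# (label.label...) is treated as an attempt to disguise the real host.
# Dotted login names such as "john.smith" would also match, so a real
# filter would send these to review rather than drop them silently.
_HOSTLIKE_USER = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.IGNORECASE)


def classify_url(url):
    """Return the verdict for a URL plus the host the client really contacts."""
    parts = urlsplit(url)
    result = {"host": parts.hostname, "user": None}
    # urlsplit only reports a user name when "@" is in the authority
    # component, so an "@" in the path or query is not flagged.
    if parts.username is None:
        result["verdict"] = "no-userinfo"
        return result
    user = unquote(parts.username)
    result["user"] = user
    if _HOSTLIKE_USER.match(user):
        result["verdict"] = "deceptive-userinfo"
    else:
        result["verdict"] = "credentials"
    return result


# Constructed sample URLs (documentation domains and addresses only).
SAMPLES = [
    "http://www.example.com@198.51.100.7/login",        # host-like user name
    "http://ralph:secret@intranet.example.org/report",  # ordinary HTTP auth
    "http://www.example.com/contact?mail=a@b",          # "@" outside authority
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = classify_url(sample)
        print(f"{info['verdict']:<20} real host={info['host']:<22} {sample}")
```
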