|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Re: Cookies at XML Europe 2004 -- Call for Participation
Joshua Allen of Microsoft wrote: > Your privacy argument is fairly bogus Thank you for your polite and civil comment... My message stated a fact. It is a fact that "One of the original motivations for doing cookies was to remove 'state information' from the URL." Whether or not you think this was a bogus concern is irrelevant to the truth of the statement. I participated in the discussions I mentioned back in 1994 and know what was discussed. In any case, it is *not* a "bogus" argument. The truth is that there are no absolutely secure systems. The goal of security design is to raise the bar to the point where it becomes difficult to compromise a system. We do not have reasonable technology to make systems completely impenetrable. When state information is in URL's, it gets recorded in log files as referrer data and is easily accessible by people with low skill levels. While it is possible to intercept TCP/IP sessions and extract cookie information, it is much more difficult to do so than simply reading a log file. Thus, while a cookie based system is not impenetrable, it is likely to compromised by fewer people than an URL based system. The degree of difference in the security of the two methods is certainly of subject of debate -- however, it is not useful to debate whether a difference exists. Your argument is bogus. bob wyman
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||

Cart








