[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Re: Cookies at XML Europe 2004 -- Call for Participation

• To: Joshua Allen <joshuaa@m...>
• Subject: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• From: John Cowan <cowan@m...>
• Date: Wed, 7 Jan 2004 19:01:26 -0500
• Cc: xml-dev@l...
• In-reply-to: <0E36FD96D96FCA4AA8E8F2D199320E52A9DFB2@R...>
• References: <0E36FD96D96FCA4AA8E8F2D199320E52A9DFB2@R...>
• User-agent: Mutt/1.3.28i

Joshua Allen scripsit:

> Regardless of whether you store your session token as Rich describes
> in a cookie, or in the URL, there is a danger that someone could use
> a man in the middle attack like you describe.  

Indeed, if I get to filter *all* your accesses to the net, I can make
you believe anything I want, by masquerading as all possible trusted
third parties.  There's nothing to be done about this.

-- 
Do NOT stray from the path!             John Cowan <jcowan@r...>
        --Gandalf                       http://www.ccil.org/~cowan

• Follow-Ups:
  • Re: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: Rich Salz <rsalz@d...>

• References:
  • RE: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: "Joshua Allen" <joshuaa@m...>

• Prev by Date: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by Date: Re: Re: wacky XML
• Previous by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Index(es):
  • Date
  • Thread