[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Re: Cookies at XML Europe 2004 -- Call forParticipation

• To: Rich Salz <rsalz@d...>
• Subject: Re: Re: Cookies at XML Europe 2004 -- Call forParticipation
• From: Elliotte Rusty Harold <elharo@m...>
• Date: Thu, 8 Jan 2004 23:52:48 -0500
• Cc: "xml-dev@l..." <xml-dev@l...>
• In-reply-to: <Pine.LNX.4.44L0.0401082053220.6682-100000@s...>
• References: <Pine.LNX.4.44L0.0401082053220.6682-100000@s...>

At 9:54 PM -0500 1/8/04, Rich Salz wrote:


>>  I don't see any equivalent action a
>>  client can take to protect themself against a cookie based attack.
>
>Make sure they always connect to the site with SSL.

No, the client can't choose that. The server has to make it 
available. If the server doesn't provide SSL access, there's nothing 
the client can do to enable SSL short of not connecting to the site. 
:-(
-- 

   Elliotte Rusty Harold
   elharo@m...
   Effective XML (Addison-Wesley, 2003)
   http://www.cafeconleche.org/books/effectivexml
   http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA

• Follow-Ups:
  • Re: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: Rich Salz <rsalz@d...>

• References:
  • Re: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: Rich Salz <rsalz@d...>

• Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by Date: Re: wacky XML
• Previous by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Index(es):
  • Date
  • Thread