[Previous] [Next] [Index]
[Thread]
RE: private cookies
>>>>> "FAR" == Farez Abd-Rahman <F.AbdulRahman@cs.ucl.ac.uk> writes:
FAR> --------------------------------------------------------
FAR> I only have a vague idea of the cookie mechanism, but i was just wondering
FAR> if one site can obtain cookies issued to us by another site from our
FAR> browser. if it can, then there could be a threat to privacy, especially
FAR> if ost of the sites we visit hands us a cookie, ie. info on the sites we
FAR> visit may be available to an arbitrary server.
No, it cannot. The this thing works is that you go to a page <A> of company A,
let's say. This page <A> contains among other things an image: Image links
are of the form <IMG SRC="URL">. In case of company A's page <A> the image
URL points to an image supplied by company Z. Your browser tries to load
all the images on page <A> and will consequently access the IMG URL
pointing to company Z. As this image URL is indeed a URL your browser will
perform each of its URL-loading acts: one of these steps involves checking
for URL for company Z (and in turn storing one supplied by company
Z). Thus, although you never really went to a page of company Z your
browser did by loading the image.
Regards,
Dirk
--
Dr. Dirk Husemann Phone +41 1 724 8573
IBM Research Division FAX +41 1 710 3608
IBM Zurich Research Laboratory
Saeumerstrasse 4 Internet hud@zurich.ibm.com
CH-8803 Rueschlikon WWW: http://www.zurich.ibm.com/~hud/
Switzerland
References: