Cookies: summary
Tom Fetherston <tdf@ble.org> asked for a summary of the cookies discussion.
> Suggested summary headers:
>
> A. What is the security risk/threat of 1) implementing cookie distribution
> 2) receiving cookies with your browser?
In neither case is there a *security* risk. There is a privacy risk to
the user.
>
> B. Can a cookie server possibly write to other files besides the
> cookie database?
Not if the client is implemented correctly.
>
> C. How can the risk/threat be minimized or eliminated?
I believe the only risk is a privacy risk to the user. If you suppress
all cookies, you avoid the risk. (One cute Unix hack someone here
mentioned is to create a symbolic link from the cookie file to
/dev/null. Poof! No more cookies.) On other platforms, enable
whatever options will allow you to suppress accumulating cookies.
Dave Kristol