RE: How secure are cookies ?From: Gregory_DeGennaro@csaa.com
- Previous message: Michael J. Cannon: "Re: Linux or Windows as Server-OS?"
- Maybe in reply to: Walker Andrew: "How secure are cookies ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <97E963187BE1D211AF210008C7916094062C88F1@EXCHMO03> From: Gregory_DeGennaro@csaa.com To: Alexander.Sarras@sea.ericsson.se, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Subject: RE: How secure are cookies ? Date: Thu, 30 Aug 2001 13:58:21 -0700
So, use a more secured authentication ... which was my point at the
beginning of this thread.
Unless, it is going to be used in an intranet environment. However, think
twice about doing that as well.
By the way, what is a parkdeck? ... :-)
From: Alexander Sarras (SEA) [mailto:Alexander.Sarras@sea.ericsson.se]
Sent: Wednesday, August 29, 2001 11:42 PM
To: 'Pradeep Kumar'; Tarek W.; email@example.com
Subject: RE: How secure are cookies ?
-----BEGIN PGP SIGNED MESSAGE-----
It's not the cookies that hurt, just like a hammer it's the misuse. A
information, constant seession id's and other niceties. Cookies can
be redirected and/or sniffed. So much for security.
So the problem is not that there are cookies, it's the most misuse
them. BTW, in most cases there unnecessary, too, from a users point
of view. Most times they are used for surf control and tracking and
I'm just to mistrusting for that.
Crowbars aren't a security risk per se. The are a tool. If a cop sees
you wandering around with one on the parkdeck he might just get a
little suspicious. Same goes for me and cookies.
Maybe we should make a contest on this list. Think up applications
needing cookies, and then try to design a workaround which doesn't
rats, which would show them to be a complete waste of bandwith.
Dr. Alexander Sarras
Product Unit Enterprise Communication Systems
Ericsson Enterprise AB
Tel: +43/1/811 00 4668
Fax: +43/1/811 00 11 4668