RE: How secure are cookies ?

Date: 08/30/01

Message-ID: <97E963187BE1D211AF210008C7916094062C88F1@EXCHMO03>
Date: Thu, 30 Aug 2001 13:58:21 -0700

Absolutely true

So, use a more secure authentication ... which was my point at the
beginning of this thread.

Unless it is going to be used in an intranet environment. However, think
twice about doing that as well.

By the way, what is a parkdeck? ... :-)

-----Original Message-----
From: Alexander Sarras (SEA)
Sent: Wednesday, August 29, 2001 11:42 PM
To: 'Pradeep Kumar'; Tarek W.;
Subject: RE: How secure are cookies ?

It's not the cookies that hurt; just like a hammer, it's the misuse. A
lot of so-called secure sites with logins use cookies with plaintext
information, constant session IDs and other niceties. Cookies can
be redirected and/or sniffed. So much for security.

So the problem is not that there are cookies, it's that most misuse
them. BTW, in most cases they're unnecessary, too, from a user's point
of view. Most times they are used for surf control and tracking and
I'm just too mistrusting for that.

Crowbars aren't a security risk per se. They are a tool. If a cop sees
you wandering around with one on the parkdeck he might just get a
little suspicious. Same goes for me and cookies.

Maybe we should make a contest on this list. Think up applications
needing cookies, and then try to design a workaround which doesn't
use cookies at all. I suppose you could get by without those little
rats, which would show them to be a complete waste of bandwidth.

my 2EUR
--
Dr. Alexander Sarras
Product Unit Enterprise Communication Systems
Ericsson Enterprise AB

Tel: +43/1/811 00 4668
Fax: +43/1/811 00 11 4668