Re: How secure are cookies ?

From: Paul Cardon (paul@moquijo.com)
Date: 09/07/01


Message-ID: <3B98EDD6.5362E17C@moquijo.com>
Date: Fri, 07 Sep 2001 11:55:02 -0400
From: Paul Cardon <paul@moquijo.com>
To: Pradeep Kumar <pradeep.pillai@nexsi.com>
Subject: Re: How secure are cookies ?

Pradeep Kumar wrote:
>
> -How about the several L4-7 switches which continue to use this technology
> despite these 'several breaches'.
> -this is how I look at it. We should give the customer as many options as we
> can technically speaking. For every option that is created, someone out
> there is trying to crack the solution.
> -The customer should use due diligence to come up with a flexi solution. So
> if he is using cookies, use something else to prevent cookie related
> breaches.
>
> -----Original Message-----
> From: paul@moquijo.com [mailto:paul@moquijo.com]
>
> Pradeep Kumar wrote:
> >
> > Tell the forum one security breach due to cookies. You won't find any.
> > If cookies did compromise security all the load balancing switch companies
> > would not support this feature.
>
> How about several security breaches?
>
> http://cookies.lcs.mit.edu/pubs.html

Pradeep,

By letting you know about the breaches (that you claimed don't exist) I
wasn't suggesting that cookie use be eliminated entirely. By reading
the report at the above link you should have realized two things:

1) Breaches caused by improper cookie use do exist
2) These breaches can be avoided by proper use of cookies

Using cookies in a risky manner and then expecting some other technology
to provide protection seems like a terrible engineering decision. Use
cookies correctly in the first place.

-paul


