> Like I said .. turning off cookies won't save you from someone getting to
> the cookies you already have stored on your machine. Besides, the problem
> ISN'T with cookies .. it's with crappy MS security .. supprise, supprise.
> Notice how the only people affected by this at all are people using IE and
> Windows ... quite the dynamic duo.
The problem has NEVER "really" been about cookies anyway. Its the
"PERCEPTION" of what site developers may or may not be storing in cookies
that is freakin out the surfers/users at large. And these whores in the
media are just trying to capitalize on this overblown issue as a way to pump
up the banner ad impressions and click thru's. The media should be roasting
the site developers that place sensitive info in cookies, and do a more
thurough job of discussing the real issues.
Hardly any "secure" sites are storing "sensitive" information in a cookie.
Decent security for web sites is based on both something you "have", and
something you "know" - not just a cookie's value - sensitive or
insensitive. If a web sites sole security mechanism is cfid & cftoken - Id
have to say then its flawed and needs to be fixed - the solution isnt to
eradicate cookies - fix the security model. If someone can buy stuff from
Amazon.com based solely on the value they store in my cookie - then I'd have
to say that Amazon.com's "Patented 1 - Click" checkout horse pucky is
severely flawed - as well as MS's IE. Maybe Amazon should have spent the $$$
on security experts vs. patent attorneys......
> Netscape doesn't have this problem and
> neither do any other operating systems. I say don't worry about it and
use
> your cookies .. just, now we have to take on the added responsibility of
> designing our sites to provide Microsoft's cookie security for them. Now
..
> anyone have any usefull ideas on how to do this?
Does the security breach discussed apply where the developer is setting
cookies to be seen only by webservers in the "domain" that set the cookie??
Isnt that a specific cookie setting "option"?
well... gotta go... .. got to go turn off Javascript in in many computers
now.... sheeeeesh
Steve
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
