From: "Chris W" <[EMAIL PROTECTED]>

> I am still new to web programming but I have a lot of experience in
> developing non web based applications. So I think I am a reasonably
> clever programmer and I have now done enough web programming that I
> understand the cookie mechanism.  What I can't figure out is why so many
> people are paranoid about cookies.  I don't really see much of anything
> that can be done with cookies to invade someone's privacy.  Am I missing
> something here?

Exactly. The problem isn't the mechanism, it's the implementation by the
programmer. If you save my favorite color in a cookie, no big deal. If you
save my username and password in a cookie, that is a big deal. Cookies are
sent back and forth between the web server and client in plain text, so they
can be captured.

The other thing to realize is that cookies can be changed; they come from
the client. So if you set my "id" to 555 in a cookie and that determines who
I am for your site, I can change the "id" to 333 and become another person.
Again, it's a problem with the implementation by the program, not cookies
themselves.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
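
Added example, not part of the original message: the "id" cookie case from the reply, with a lookup that trusts the raw cookie value beside one that only accepts a value carrying a server-side HMAC. SECRET_KEY, the function names and the sample cookies are hypothetical and constructed for illustration.

```php
<?php
// Added example, not code from the thread. SECRET_KEY and all function
// names are assumptions; the key has to live only on the server.
const SECRET_KEY = 'constructed-demo-key-change-me';

// Weak: whoever the cookie says you are, you are.
function current_user_weak(array $cookies): ?int
{
    return isset($cookies['id']) ? (int) $cookies['id'] : null;
}

// Hardened: the cookie value is "<id>.<HMAC-SHA256 of id>".
function make_id_cookie(int $id): string
{
    return $id . '.' . hash_hmac('sha256', (string) $id, SECRET_KEY);
}

// Returns the id only when the MAC matches it, otherwise null.
function current_user_signed(array $cookies): ?int
{
    $parts = explode('.', $cookies['id'] ?? '', 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // missing or malformed cookie
    }
    [$id, $mac] = $parts;
    $expected = hash_hmac('sha256', $id, SECRET_KEY);
    // hash_equals() compares in constant time, so the check itself
    // does not leak how much of a guessed MAC was right.
    return hash_equals($expected, $mac) ? (int) $id : null;
}

// Constructed sample cookies: one as issued for id 555, one where the
// client swapped the id to 333 but could only reuse the old MAC.
$issued   = ['id' => make_id_cookie(555)];
$tampered = ['id' => '333.' . explode('.', $issued['id'], 2)[1]];

var_dump(current_user_weak(['id' => '333']));  // accepts the edited id as-is
var_dump(current_user_signed($issued));        // untouched cookie verifies
var_dump(current_user_signed($tampered));      // edited id fails the MAC check
```

Signing only addresses the "cookies can be changed" point. A signed cookie still travels in plain text over HTTP and can be captured and replayed, so it needs HTTPS and the Secure cookie flag as well.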
