CPT John W. Holmes wrote:
From: "Chris W" <[EMAIL PROTECTED]>
I am still new to web programming but I have a lot of experience in
developing non-web-based applications.   So I think I am a reasonably
clever programmer and I have now done enough web programming that I
understand the cookie mechanism.  What I can't figure out is why so many
people are paranoid about cookies.  I don't really see much of anything
that can be done with cookies to invade someone's privacy.  Am I missing
something here?

Exactly. The problem isn't the mechanism, it's the implementation by the programmer. If you save my favorite color in a cookie, no big deal. If you save my username and password in a cookie, that is a big deal. Cookies are sent back and forth between the web server and client in plain text, so they can be captured.

The other thing to realize is that cookies can be changed; they come from
the client. So if you set my "id" to 555 in a cookie and that determines who
I am for your site, I can change the "id" to 333 and become another person.
Again, it's a problem with the implementation by the program, not cookies
themselves.

And don't forget the effect media hype had on their reputation. Cookies were portrayed as bad guys. As John says, they're not if they're used correctly, but it only takes one high-profile example of improper use to tarnish a reputation forever.


--
Stuart

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
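
The "id" cookie problem John describes above, as an added PHP example that is not part of the original messages: the first function trusts the client-supplied id, the second accepts it only when it carries a valid HMAC made with a server-side key. The key, the function names and the cookie layout (`id.mac`) are assumptions made for the illustration.

```php
<?php
// Added example. COOKIE_KEY is a placeholder; a real key is long, random
// and kept on the server only.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Weak: the server believes whatever "id" the client sends back.
function current_user_unsafe(array $cookies): ?int
{
    return isset($cookies['id']) ? (int) $cookies['id'] : null;
}

// Hardened: the cookie value is "id.mac", mac = HMAC-SHA256(key, id).
function issue_id_cookie(int $id): string
{
    return $id . '.' . hash_hmac('sha256', (string) $id, COOKIE_KEY);
}

// Returns the id only if the MAC matches; otherwise null (treat as logged out).
function current_user_signed(array $cookies): ?int
{
    if (!isset($cookies['id']) || !is_string($cookies['id'])) {
        return null;
    }
    $parts = explode('.', $cookies['id'], 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    [$id, $mac] = $parts;
    $expected = hash_hmac('sha256', $id, COOKIE_KEY);
    // hash_equals compares in constant time.
    return hash_equals($expected, $mac) ? (int) $id : null;
}

// Constructed cookies: one as issued to user 555, one edited by the client
// so the id reads 333 while the MAC issued for 555 is kept.
$honest = ['id' => issue_id_cookie(555)];
$forged = ['id' => '333.' . explode('.', $honest['id'], 2)[1]];

foreach (['honest' => $honest, 'forged' => $forged] as $label => $cookies) {
    printf("%s: unsafe=%s signed=%s\n", $label,
        var_export(current_user_unsafe($cookies), true),
        var_export(current_user_signed($cookies), true));
}
```

Signing only detects modification: the value is still readable and a captured cookie can still be replayed, so it belongs on HTTPS with the Secure and HttpOnly flags, and the password never goes in it.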


