--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > I am still new to web programming but I have a lot of experience in
> > developing non web based applications. So I think I am a reasonably
> > clever programmer and I have now done enough web programming that I
> > understand the cookie mechanism. What I can't figure out is why so
> > many people are paranoid about cookies. I don't really see much of
> > anything that can be done with cookies to invade someone's privacy.
> > Am I missing something here?
>
> Exactly. The problem isn't the mechanism, it's the implementation by
> the programmer. If you save my favorite color in a cookie, no big deal.
> If you save my username and password in a cookie, that is a big deal.

Ditto what John said. In addition, you might want to research DoubleClick and Web bugs (two separate things) as well as understand a bit how a browser requests all of the resources necessary to render a page.

As for why people are paranoid, I think you will find out if you search for cookies and read what sort of information is out there. In fact, aside from the original Netscape specification, I don't think I've read anything online about cookies that wasn't full of misinformation.

Finally, you may want to check out the following two URLs:

http://www.peacefire.org/security/iecookies/
http://www.solutions.fi/index.cgi/news_2001_11_08?lang=eng

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
     Coming mid-2004
HTTP Developer's Handbook
     http://httphandbook.org/