Klarinet Archive - Posting 000506.txt from 2002/12

From: "Tim Roberts" <timr@-----.com>
Subj: RE: [kl] How it happens
Date: Fri, 20 Dec 2002 16:46:43 -0500

On Fri, 20 Dec 2002 12:45:08 -0800 (PST), b6w@-----.net (Bill Wright) wrote:
>
>Perhaps some others on the list would be interested, and so I'll ask
>here:
>
>(1) Must a 'cookie' be limited to data, such as ASCII text, that cannot
>wake up and execute itself?

Yes, a cookie is strictly data. Nothing executable.

>(2) Obviously the entity who places a cookie on my machine can access it
>at a later date. What --- if anything --- prevents just anybody from
>accessing these cookies if they're willing to write the necessary code
>and to wait until I ask their machine to exchange data with me (example:
>ask your machine to search the Klarinet archives)?

You don't get a cookie by asking for it. Rather, your browser says, "let's
see, I'm about to fetch something from www.xyz.com. Has any page from that
site ever given me a cookie? Ah, I have one here! I shall send it to the site
when I make my request."

That's all there is. A cookie can only go OUT to the site that sent it. It is
quite difficult to "spoof" a cookie, because it is the BROWSER that makes the
connection and sends the request.

--
- Tim Roberts, timr@-----.com
Providenza & Boekelheide, Inc.
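
The browser-side rule described in the reply above, as an added example that is not part of the original post: a small cookie jar that stores cookies under the host that set them and attaches them only to requests for a matching host. It goes slightly beyond the post by also handling the Domain attribute; the class, method names and cookie values are hypothetical, and Path, Secure, expiry and public-suffix checks are left out.

```javascript
// Simplified cookie jar: host matching only (no Path, Secure, expiry or public-suffix checks).
// CookieJar and its method names are hypothetical, chosen for this example.
class CookieJar {
  constructor() {
    this.cookies = []; // entries: { name, value, domain, hostOnly }
  }
  // RFC 6265 domain-match: same host, or host ends with "." + domain.
  static domainMatch(host, domain) {
    return host === domain || host.endsWith("." + domain);
  }
  // A response from `host` carried this Set-Cookie value. Returns true if stored.
  store(host, setCookie) {
    host = host.toLowerCase();
    const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return false; // a cookie needs a non-empty name
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    let domain = host;
    let hostOnly = true; // no Domain attribute: only this exact host gets it back
    for (const attr of attrs) {
      const m = /^domain=\.?(.+)$/i.exec(attr);
      if (m) {
        domain = m[1].toLowerCase();
        hostOnly = false;
      }
    }
    // A site cannot plant a cookie for a domain it does not belong to.
    if (!CookieJar.domainMatch(host, domain)) return false;
    this.cookies = this.cookies.filter((c) => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }
  // The Cookie header the browser attaches to a request for `host` ("" if none).
  headerFor(host) {
    host = host.toLowerCase();
    return this.cookies
      .filter((c) => (c.hostOnly ? host === c.domain : CookieJar.domainMatch(host, c.domain)))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Constructed sample data: www.xyz.com is the host named in the post; the rest is made up.
const jar = new CookieJar();
jar.store("www.xyz.com", "session=abc123");
jar.store("www.xyz.com", "prefs=dark; Domain=xyz.com");
const rejected = !jar.store("www.other.example", "track=1; Domain=xyz.com");
console.log(jar.headerFor("www.xyz.com"), "|", jar.headerFor("www.other.example"), "|", rejected);
```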
