
Re: lynx-dev lynx-2.8.2 and Cookies


From: David Woolley
Subject: Re: lynx-dev lynx-2.8.2 and Cookies
Date: Thu, 17 Jun 1999 08:36:05 +0100 (BST)

> CQlMeW54IFRyYWNlIExvZyAoMi44LjJyZWwuMSkNCg0KTFlOWF9TSUdfRklM
> RSBzZXQgdG8gJy9yb290Ly5seW54c2lnJw0KTG9hZGluZyBjZmcgZmlsZSAn

Do not send BASE64 to mailing lists, especially when the material is
plain text.

store_cookie: Rejecting domain '.yahoo.com' for host 'edit.my.yahoo.com'.

It is rejecting a cookie because the server is trying to set a cookie on
the whole of yahoo.com from a domain two levels down from there.  That's
equivalent to www.xyz.co.uk setting a cookie on the whole of .co.uk
and clearly a denial of service threat if not a worse security threat,
so I can quite believe that it is in breach of the security rules for
cookies, although I'm not sure of the exact rules in this area - they do
exist though.

I believe Netscape deliberately ignores these rules, because it suits
the operators of commercial sites to do so; remember that persistent
cookies like this are not primarily for your benefit.

I believe there is an unsafe cookies option in Lynx, but before using it
I would strongly suggest reading http://www.junkbusters.com, then asking
yourself whether you want to talk to any site that sets cookies which
can track you to the year 2010.

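The Domain checks that RFC 2109 section 4.3.2 places on a Set-Cookie header, applied to the host and domain from the trace line in the message above. This is an added example, not part of the original message and not Lynx's store_cookie code; that Lynx applies these RFC 2109 rules is an assumption, and the function names and all sample pairs other than the yahoo.com one are constructed.

```python
import ipaddress

def is_ip(host):
    """True if host is an IP address literal rather than a host name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, domain):
    """RFC 2109 section 2: strings are equal, or host = N + domain with domain = '.B'."""
    if host == domain:
        return True
    return (not is_ip(host) and domain.startswith(".")
            and host.endswith(domain) and len(host) > len(domain))

def check_set_cookie_domain(request_host, domain_attr):
    """Apply the RFC 2109 section 4.3.2 Domain checks; return (accepted, reason)."""
    host, domain = request_host.lower(), domain_attr.lower()
    # Rule 1: Domain must start with a dot and contain an embedded dot.
    if not domain.startswith(".") or "." not in domain.strip("."):
        return False, "domain lacks leading dot or embedded dot"
    # Rule 2: the request-host must domain-match the Domain attribute.
    if not domain_match(host, domain):
        return False, "request-host does not domain-match"
    # Rule 3: with host = H + Domain, H must not itself contain a dot.
    prefix = host[:-len(domain)]
    if "." in prefix:
        return False, "host is more than one level below domain"
    return True, "ok"

SAMPLES = [  # (request-host, Domain attribute) pairs
    ("edit.my.yahoo.com", ".yahoo.com"),    # the pair from the trace line
    ("my.yahoo.com", ".yahoo.com"),         # constructed
    ("www.xyz.co.uk", ".co.uk"),            # constructed
    ("xyz.co.uk", ".co.uk"),                # constructed
    ("www.example.com", ".com"),            # constructed
    ("www.example.com", ".example.org"),    # constructed
]

if __name__ == "__main__":
    for host, domain in SAMPLES:
        ok, reason = check_set_cookie_domain(host, domain)
        print(f"{host:20} {domain:14} {'accept' if ok else 'reject'}: {reason}")
```

These checks only count dots, so xyz.co.uk setting a cookie for .co.uk is accepted by them even though www.xyz.co.uk is rejected.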