xml-dev - Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

[ Lists Home | Date Index | Thread Index ]

To: Joshua Allen <joshuaa@microsoft.com>
Subject: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
From: John Cowan <cowan@mercury.ccil.org>
Date: Wed, 7 Jan 2004 19:01:26 -0500
Cc: xml-dev@lists.xml.org
In-reply-to: <0E36FD96D96FCA4AA8E8F2D199320E52A9DFB2@RED-MSG-43.redmond.corp.microsoft.com>
References: <0E36FD96D96FCA4AA8E8F2D199320E52A9DFB2@RED-MSG-43.redmond.corp.microsoft.com>
User-agent: Mutt/1.3.28i

Joshua Allen scripsit:

> Regardless of whether you store your session token as Rich describes
> in a cookie, or in the URL, there is a danger that someone could use
> a man in the middle attack like you describe.  

Indeed, if I get to filter *all* your accesses to the net, I can make
you believe anything I want, by masquerading as all possible trusted
third parties.  There's nothing to be done about this.

-- 
Do NOT stray from the path!             John Cowan <jcowan@reutershealth.com>
        --Gandalf                       http://www.ccil.org/~cowan

Follow-Ups:
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>

References:
- RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: "Joshua Allen" <joshuaa@microsoft.com>

Prev by Date: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: Re: [xml-dev] Re: wacky XML
Previous by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread