xml-dev - Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation

Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation

[ Lists Home | Date Index | Thread Index ]

To: Rich Salz <rsalz@datapower.com>
Subject: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
Date: Thu, 8 Jan 2004 23:52:48 -0500
Cc: "xml-dev@lists.xml.org" <xml-dev@lists.xml.org>
In-reply-to: <Pine.LNX.4.44L0.0401082053220.6682-100000@smtp.datapower.com>
References: <Pine.LNX.4.44L0.0401082053220.6682-100000@smtp.datapower.com>

At 9:54 PM -0500 1/8/04, Rich Salz wrote:


>>  I don't see any equivalent action a
>>  client can take to protect themself against a cookie based attack.
>
>Make sure they always connect to the site with SSL.

No, the client can't choose that. The server has to make it 
available. If the server doesn't provide SSL access, there's nothing 
the client can do to enable SSL short of not connecting to the site. 
:-(
-- 

   Elliotte Rusty Harold
   elharo@metalab.unc.edu
   Effective XML (Addison-Wesley, 2003)
   http://www.cafeconleche.org/books/effectivexml
   http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA

Follow-Ups:
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>

References:
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>

Prev by Date: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: Re: [xml-dev] wacky XML
Previous by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread