xml-dev - RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

[ Lists Home | Date Index | Thread Index ]

To: "'Ralph Hilken'" <ralph.hilken@artige.com>, <xml-dev@lists.xml.org>
Subject: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
From: "Bob Wyman" <bob@wyman.us>
Date: Thu, 29 Jan 2004 14:14:22 -0500
Importance: Normal
In-reply-to: <65FB0B72BF5CD211980600104B102DC519134E@igelbau.narvon.artige.com>
Reply-to: <bob@wyman.us>

Ralph Hilken wrote:
> Seems now that Microsoft will also deem the "@" sign to be sinister.
	This is excellent news! The business of embedding username and
password in URLs in cleartext was always a hack. Then, with the
introduction of referer  (one of the most vile privacy intrusions ever
foisted on the net) people started spewing their usernames and
passwords all over the net. It is good that Microsoft has done the
responsible thing and decided to stop supporting this mess in their
products. Now, hopefully others will become more aware of the problems
inherent in putting session-related information into URL's when, if
necessary, such data belongs in cookies where it is safely hidden from
"referer" and from most log file scanners.
	Perhaps, we'll even see support for "referer" dropped one day.
That would be excellent. But, that's probably too much to hope for.

		bob wyman

References:
- RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
  - From: Ralph Hilken <ralph.hilken@artige.com>

Prev by Date: RE: [xml-dev] hi
Next by Date: Re: [xml-dev] hi
Previous by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
Next by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread