OASIS Mailing List Archives


RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation


Ralph Hilken wrote:
> Seems now that Microsoft will also deem the "@" sign to be sinister.
	This is excellent news! The business of embedding username and
password in URLs in cleartext was always a hack. Then, with the
introduction of referer (one of the most vile privacy intrusions ever
foisted on the net) people started spewing their usernames and
passwords all over the net. It is good that Microsoft has done the
responsible thing and decided to stop supporting this mess in their
products. Now, hopefully others will become more aware of the problems
inherent in putting session-related information into URLs when, if
necessary, such data belongs in cookies where it is safely hidden from
"referer" and from most log file scanners.
	Perhaps, we'll even see support for "referer" dropped one day.
That would be excellent. But, that's probably too much to hope for.

		bob wyman
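
As an added illustration (not part of the original message): a small Python scanner for the two leaks described above, credentials in a URL's userinfo and session data in query strings, as they appear in the request and Referer fields of a Combined Log Format access log. The log lines, host names and the SESSION_PARAMS list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed names of query parameters that carry session state; adjust per application.
SESSION_PARAMS = {"sessionid", "sid", "jsessionid", "phpsessid", "token"}

# Combined Log Format: ... "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [05/Feb/2004:10:00:00 +0000] "GET /news HTTP/1.1" 200 512 '
    '"http://alice:s3cret@intranet.example/report" "UA"',
    '192.0.2.11 - - [05/Feb/2004:10:00:01 +0000] "GET /cart?sid=abc123&item=4 HTTP/1.1" 200 734 "-" "UA"',
    '192.0.2.12 - - [05/Feb/2004:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 100 "http://example.org/" "UA"',
]

def scrub_url(url):
    """Return (redacted_url, findings) for a URL or request target."""
    try:
        parts = urlsplit(url)
    except ValueError:            # malformed authority; nothing reliable to report
        return url, []
    findings, netloc, query = [], parts.netloc, []
    if "@" in netloc:             # user[:password]@host embedded in the URL
        findings.append("userinfo")
        netloc = "REDACTED@" + netloc.rsplit("@", 1)[1]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SESSION_PARAMS:
            findings.append("param:" + key)
            value = "REDACTED"
        query.append((key, value))
    clean = urlunsplit((parts.scheme, netloc, parts.path, urlencode(query), parts.fragment))
    return clean, findings

def scan_line(line):
    """Return [(field, findings, redacted_value)] for one access-log line."""
    match = LOG_RE.search(line)
    hits = []
    for field in ("target", "referer") if match else ():
        value = match.group(field)
        if value in ("", "-"):    # no Referer was sent
            continue
        redacted, findings = scrub_url(value)
        if findings:
            hits.append((field, findings, redacted))
    return hits

if __name__ == "__main__":
    for entry in SAMPLE:
        print(scan_line(entry))
```
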





 


Copyright 2001 XML.org. This site is hosted by OASIS