Commerce Bank (fwd)

Jeffrey Watts watts at jayhawks.net
Thu May 18 01:55:20 CDT 2000


On Wed, 17 May 2000, Gene E. Dascher wrote:

> messages.  That way, the Commerce Bank site can read my cookies file
> and validate whatever information it needs to, BUT no one can add any
> new cookies to it.  For the most part, I think that cookies are evil,
> so this is a good way to discourage them.  This is the first and only
> instance that I have EVER found that writing to the cookies file was
> necessary to accessing a web site's functions.

Man, you are one paranoid puppy.  Cookies are necessary.  Real business on
the 'Net is impossible without the ability for a remote site to set a
session key.

I find it amusing when I hear people tell me "but they can put
_anything_ in it, and IT'S ON YOUR HARD DRIVE!!!", as if some text file
will somehow sprout horns and start chasing you around the room.

I _do_ agree with you that it is a potential security hole (think "stack
smasher" rather than "privacy violation"), but Netscape has demonstrated
itself to be concerned with security (unlike a certain company from
Redmond), and when everyone is using Mozilla we'll have the best kind of
assurance we can get -- the code.

J.

o-----------------------------------o
| Jeffrey Watts                     |
| watts at jayhawks.net         o-----------------------------------------o
| Systems Programmer         | "It's the same each time with progress. |
| Network Systems Management |  First they ignore you, then they say   |
| Sprint Communications      |  you're mad, then dangerous, then       |
o----------------------------|  there's a pause and then you can't     |
                             |  find anyone who disagrees with you."   |
                             |  -- Tony Benn (b. 1925)                 |
                             |  British Labour politician              |
                             o-----------------------------------------o



