[wp-forums] Any one braver than I?

Petit petit at petitpub.com
Wed May 24 19:29:32 GMT 2006


Yes, the browsers ensure not to send cookies to any other server than 
that where the cookie originated.
A few years ago, there was a big fuss around this question. The result was 
that we can now ban cookies in our browsers.
In my opinion we have to install (knowingly or by accident) certain 
malware outside of the browser, to have our cookies stolen.
To click on a link to a CGI program (*.pl, *.asp(x), ...) is as 
dangerous as clicking a link to a PHP page.
They all use CGI one way or another. For ASP or PHP (WP), it is the 
interpreter or engine that uses CGI.

They can all deliver just about anything to the browser. What we all need 
is a security system that stops automatic installs
from non-trusted sources, giving us the decision to install or not.
Browsers themselves don't send a cookie from domain foo.com to domain 
bar.com.

Also, whatever link you click, you'll never know if it goes to a web 
server or a script dynamically serving content.
Even if it says http:// iamahtmlpage.org/foobar.html, it could be 
rewritten to http:// iamahtmlpage.org/cgi-bin/foobar.pl
So I'd click on anything and trust my security system.

Last time I clicked disregarding the warning, I had to pay heavily, but 
that was entirely my own fault.

/Petit

Tabrez Iqbal wrote:
> Aren't the cookies returned only to the domains from which they had
> originated earlier? Like, if an application from my domain creates some
> cookies, applications from no other domain can access them. Or is there a
> way around it depending upon web browser's vulnerabilities?
>
> -ti
> On 5/23/06, Podz <podz at tamba2.org.uk> wrote:
>>
>> We cannot have such stuff going
>> on - isn't that how cookies and such are stolen?
>>
>> P.
>>
>
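
The scoping rule discussed in this thread (a cookie set by foo.com is not sent to bar.com), sketched as an added example that is not part of the original messages. It follows the domain-match rule of RFC 6265 section 5.1.3 plus the host-only and Secure flags; the `Cookie` class, the `JAR` contents and the host names are constructed for illustration, and path matching is left out.

```python
# Added illustration: which cookies a browser attaches to a request,
# per the RFC 6265 domain-match rule. Names and sample data are constructed.
import ipaddress
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    domain: str        # host that set the cookie, or its Domain attribute
    host_only: bool    # True when the server sent no Domain attribute
    secure: bool = False

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(request_host, cookie_domain):
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().lstrip(".")
    if host == dom:
        return True
    # Suffix match only on a label boundary, and never for IP addresses.
    return host.endswith("." + dom) and not _is_ip(host)

def should_send(cookie, request_host, scheme="https"):
    if cookie.secure and scheme != "https":
        return False
    if cookie.host_only:
        # Host-only cookies go back to the exact host that set them.
        return request_host.lower() == cookie.domain.lower()
    return domain_match(request_host, cookie.domain)

# Constructed sample jar: three cookies, all set by foo.com.
JAR = [
    Cookie("session", "foo.com", host_only=True),
    Cookie("prefs", "foo.com", host_only=False),
    Cookie("auth", "foo.com", host_only=False, secure=True),
]

def cookies_for(request_host, scheme="https"):
    return [c.name for c in JAR if should_send(c, request_host, scheme)]

if __name__ == "__main__":
    for host in ("foo.com", "blog.foo.com", "bar.com", "notfoo.com"):
        print(host, cookies_for(host))
```
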


