[wp-forums] Any one braver than I?
Petit
petit at petitpub.com
Wed May 24 19:29:32 GMT 2006
Yes, browsers make sure not to send cookies to any server other than
the one where the cookie originated.
A few years ago, there was a big fuss around this question. The result was
that we can now ban cookies in our browsers.
In my opinion we have to install (knowingly or by accident) certain
malware outside of the browser to have our cookies stolen.
Clicking on a link to a CGI program (*.pl, *.asp(x), ...) is as
dangerous as clicking a link to a PHP page.
They all use CGI one way or another. For ASP or PHP (WP), it is the
interpreter or engine that uses CGI.
They can all deliver just about anything to the browser. What we all need
is a security system that stops automatic installs
from non-trusted sources, giving us the decision to install or not.
Browsers themselves don't send a cookie from domain foo.com to domain
bar.com.
Also, whatever link you click, you'll never know if it goes to a web
server or a script dynamically serving content.
Even if it says http:// iamahtmlpage.org/foobar.html, it could be
rewritten to http:// iamahtmlpage.org/cgi-bin/foobar.pl
So I'd click on anything and trust my security system.
Last time I clicked disregarding the warning, I had to pay heavily, but
that was entirely my own fault.
/Petit
Tabrez Iqbal wrote:
> Aren't the cookies returned only to the domains from which they had
> originated earlier? Like, if an application from my domain creates some
> cookies, applications from no other domain can access them. Or is there a
> way around it depending upon web browser's vulnerabilities?
>
> -ti
> On 5/23/06, Podz <podz at tamba2.org.uk> wrote:
>>
>> We cannot have such stuff going
>> on - isn't that how cookies and such are stolen?
>>
>> P.
>>
>
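
The cookie scoping discussed in this thread, as an added example that is not part of the original messages: a sketch of the matching rules from RFC 6265 (sections 5.1.3, 5.1.4 and 5.4) that decide whether a stored cookie accompanies a request. It goes slightly beyond the foo.com/bar.com case by also covering the Domain attribute (subdomains), Path and Secure; the cookie jar, host names and function names are constructed for illustration.

```javascript
// Added example: which stored cookies a browser attaches to a request,
// following RFC 6265 domain-match, path-match and the Secure attribute.
// All cookies and hosts here are constructed sample data.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// 5.1.3: host equals the domain, or ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// 5.1.4: identical, or cookie path is a prefix that ends on a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// 5.4: a cookie is sent only if host, path and scheme all match.
function shouldSend(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  // hostOnly is true when the cookie was set without a Domain attribute.
  const hostOk = cookie.hostOnly
    ? host === cookie.domain.toLowerCase()
    : domainMatch(host, cookie.domain);
  if (!hostOk) return false;
  if (!pathMatch(url.pathname, cookie.path)) return false;
  if (cookie.secure && url.protocol !== "https:") return false;
  return true;
}

function cookiesFor(jar, requestUrl) {
  return jar.filter((c) => shouldSend(c, requestUrl)).map((c) => c.name);
}

// Constructed jar: three cookies all set by foo.com with different scopes.
const jar = [
  { name: "session", domain: "foo.com", hostOnly: true, path: "/", secure: true },
  { name: "prefs", domain: "foo.com", hostOnly: false, path: "/", secure: false },
  { name: "admin", domain: "foo.com", hostOnly: true, path: "/wp-admin", secure: true },
];
```

With this jar, a request to bar.com or notfoo.com receives nothing, blog.foo.com receives only the cookie that was set with a Domain attribute, and a plain http:// request to foo.com never carries the Secure cookies.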