Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Evil Cookies.
From: regs () NEBCORP COM (Ari Gordon-Schlosberg)
Date: Tue, 8 Feb 2000 16:24:58 -0600

[Dylan Griffiths <Dylan_G () BIGFOOT COM>]
Thomas Reinke wrote:
There is no easy patch to this problem. The only solution I
can think of, which is not an easy one, would be to have browsers
have intimate knowledge of what constitutes an organization's
"domain of influence", and limit cookies accordingly. This
is essentially impossible to implement.

A better solution would be explicit (ie: finer grained) control of cookies.
Not as finely grained as the prompt option of Lynx, but more specific than
the current Netscape settings.

Actually, this is implemented in a rudimentary way in IE 5.x, with their
"zones" of security.  If you're interested, take a look at Mozilla's M13
milestone release.  It allows fine-grained control of cookiees, with its
"Never Accept Cookiees" domain/site list.  It also gives the user an
intuitive interface to actually browse their cookiees.  (Look in the Wallet

Ari                                                     there is no spoon
http://www.nebcorp.com/~regs/pgp for PGP public key

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]