For me, it is instinctive, reflexive and otherwise just
subconscious to glance at the little padlock in the lower
left of the Netscrape window before I even type
something I consider sensitive into a browser window.
I say this because you do not have to log in to be using
https. Don't confuse SSL with security. SSL simply means
"reduced risk of eavesdropping." Nor does logging in imply
https. You could have logged in, then been dropped back
out to a "normal" protocol.
Further, it may be nearly impossible to know what egroups
or anyone else is doing "behind-the-scenes." You may have
logged in through an https page, and they are now ignoring
that authentication information when they determine what
data you may and may not view. If they use only cookies or
CGI parameters to determine what you may access, their
entire site, and all data in it, is probably up-for-grabs
to anyone who wants to get it.
So, IM(ns)HO, using the words "cookies" and "security" in
the same context is fundamentally bogus. As to whether
that level of security is enough...to each his own. As long
as you do not put truly sensitive data on the site,
who cares? If you store, on a site secured by cookies or
CGI params only, anything you do not consider public
knowledge, you are gambling against long odds. Pure and
simple.
Good luck. :-)
Russ
Brainbench 'Most Valuable Professional' for Perl
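The failure mode described in the post above, as an added example that is not part of the original post: an access check that trusts an identity cookie sent by the browser, beside one that treats the cookie only as an authenticated handle to server-side state. The names `ACL`, `SESSIONS`, `naive_can_view`, `checked_can_view` and the sample users and groups are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: which user may read which group's archive.
ACL = {"alice": {"perl-list"}, "bob": {"private-board"}}

SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never sent to the browser
SESSIONS = {}                         # session id -> user name, kept server-side


def naive_can_view(cookies, group):
    """Weak check: believes whatever identity the browser claims in a cookie."""
    return group in ACL.get(cookies.get("user", ""), set())


def login(user):
    """Call only after the password was verified; returns the cookie value."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    tag = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    return f"{sid}.{tag}"


def checked_can_view(cookies, group):
    """Stronger check: the cookie is an unguessable, MAC-protected handle;
    identity and permissions are looked up on the server on every request."""
    sid, _, tag = cookies.get("session", "").partition(".")
    expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    user = SESSIONS.get(sid)
    return user is not None and group in ACL.get(user, set())


def demo():
    edited = {"user": "bob"}  # cookie value set by hand, no login involved
    alice = {"session": login("alice")}
    made_up = {"session": "0" * 32 + "." + "0" * 64}
    return (naive_can_view(edited, "private-board"),    # True: data exposed
            checked_can_view(alice, "perl-list"),       # True: her own group
            checked_can_view(alice, "private-board"),   # False: not in her ACL
            checked_can_view(made_up, "private-board")) # False: MAC mismatch


if __name__ == "__main__":
    print(demo())
```

The session cookie still has to travel over https only, since a handle captured in transit is accepted just like the original.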