Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

RE: Answer: Security: Cookies vs HTTP authentication

by Russ (Deacon)
on Sep 02, 2000 at 01:55 UTC ( #30812=note: print w/replies, xml ) Need Help??


in reply to Answer: Security: Cookies vs HTTP authentication
in thread CGI programming

For me, it is instinctive, reflexive and otherwise just subconscious to glance at the little padlock in the lower left of the Netscrape window before I even type something I consider sensitive into a browser window.

I say this because you do not have to log in to be using https. Don't confuse SSL with security. SSL simply means "reduced risk of eavesdropping." Nor does logging in imply https. You could have logged in, then been dropped back out to a "normal" protocol.

Further, it may be nearly impossible to know what egroups or anyone else is doing "behind-the-scenes." You may have logged in through an https page, and they are now ignoring that authentication information when they determine what data you may and may not view. If they use only cookies or CGI parameters to determine what you may access, their entire site, and all data in it, is probably up-for-grabs to anyone who wants to get it.

So, IM(ns)HO, using the words "cookies" and "security" in the same context is fundamentally bogus. As to whether that level of security is enough...to each his own. As long as you do not put truly sensitive data on the site, who cares? If you store, on a site secured by cookies or CGI params only, anything you do not consider public knowledge, you are gambling against long odds. Pure and simple.

Good luck. :-)

Russ
Brainbench 'Most Valuable Professional' for Perl

  • Comment on RE: Answer: Security: Cookies vs HTTP authentication

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://30812]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (5)
As of 2020-10-30 19:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My favourite web site is:












    Results (284 votes). Check out past polls.

    Notices?