in reply to Re: Security: Cookies vs HTTP authentication
in thread Security: Cookies vs HTTP authentication
IMHO, Securing "by cookies" is not securing at all...
if you have not done some sort of user/password or crypto key exchange,
then I'd be really worried about doing anything with www.egroups.com.
It sounds like to me, that it would be pretty easy to obtain the data on egroups by inappropriate means. (Logging in as someone else.) I mean... the server can store data on your computer in those cookies... but all that says is "someone once connected here". Unencrypted cookies can be sniffed. Then they can be used *EASILY* by anyone with a 3rd grade hacking level.
It sounds like to me, that it would be pretty easy to obtain the data on egroups by inappropriate means. (Logging in as someone else.) I mean... the server can store data on your computer in those cookies... but all that says is "someone once connected here". Unencrypted cookies can be sniffed. Then they can be used *EASILY* by anyone with a 3rd grade hacking level.
Thanks for the heads up on egroups though... i'll prolly avoid them now. :)
|
|---|
In Section
Seekers of Perl Wisdom