[thelist] cookies

Mike Hardaker mike at angloinfo.com
Fri May 18 09:19:37 CDT 2001


> this is sort of scary. but since the domains which can exchange cookies
> (all MS's) are probably hardcoded in the browser it's not all that much
> of a security concern, is it? or is there some ie5.5 proprietary way to
> exchange cookies? does anyobdy know more about this?

It's a server-side issue, not browser-specific.

In essence, it's easy to pass cookies to another site, but night-on
impossible to *grab* them from another site. And, as long as the sites are
related domains under the smae ownership., this isn't all that bad (IMO).
However, if I started passing cookies to a third party, say, then I think a
major breach of trust would be involved...

For example, I have angloinfo.com and anglo-info.com. Both are the same
site, with the latter address really only there to catch typos. If I chose
to implement cookie-passing between the two, I don't think I'd be doing
anything wrong.

However, if I passed the cookies on to another company, I think that would
be, well, bad...

-------------------
Mike Hardaker
Founder & Publisher
AngloINFO
www.angloinfo.com (Web)
wap.angloinfo.com (WAP)






More information about the thelist mailing list