[Javascript] Can I Give Myself a Cookie ?

T. Bradley Dean tbdean_lists at tbdean.com
Tue Apr 22 15:33:55 CDT 2003


Boy, I gotta start getting to work before 1 PM, I'm missing all the good
discussions!

David T. Lovering wrote:

>However, there are perfectly good JavaScript methods for
>listing a directory's contents (including those that contain
>cookies), and using an iframe with a src="<path/cookiefilename>"
>can work quite nicely as a raw cookie viewer, irrespective of
>which site the client is actually attached to.  Simply spinning
>this back to the server of an illicit site will provide a snapshot
>of the cookie's contents,

I do not believe the above would work. And if it did, it would most
certainly be seen by the community as a "flaw" in whatever browsers it
worked in.

Cookies are designed to be viewed only by the site that wrote them. If you
are able to get access to them outside of the browser that's a different
story, and I would say quite illegal depending on how it's used. If you get
the user to accept an ActiveX or Java program and then use that to scan
other sites' cookies, decrypt them, and steal credit card numbers - well -
you might as well do the same with my Quicken data. If you are using that
argument to say cookies are "unsafe", everything on my workstation is just as
"unsafe".

~Brad
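
An added example, not part of the original post: a sketch of the RFC 6265 matching rules (sections 5.1.3 and 5.1.4) that decide which stored cookies a browser exposes to a given site. The function names, the jar layout and the host names are constructed for illustration.

```javascript
// Added illustration: cookie scoping rules from RFC 6265 (sections 5.1.3 and 5.1.4).
// The jar contents and host names below are constructed sample data.

// RFC 6265 5.1.3: host matches the cookie domain exactly, or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// RFC 6265 5.1.4: request path equals the cookie path or lies beneath it.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Names of the cookies a browser would attach to a request for `url`.
function cookiesSentTo(jar, url) {
  const { hostname, pathname, protocol } = new URL(url);
  return jar.filter(c =>
      // Host-only cookies (no Domain attribute) need an exact host match.
      (c.hostOnly ? hostname.toLowerCase() === c.domain : domainMatch(hostname, c.domain)) &&
      pathMatch(pathname, c.path) &&
      (!c.secure || protocol === 'https:'))
    .map(c => c.name);
}

const sampleJar = [
  { name: 'session', domain: 'shop.example', path: '/', hostOnly: true, secure: true },
  { name: 'prefs', domain: 'shop.example', path: '/account', hostOnly: false, secure: false },
  { name: 'tracker', domain: 'other.example', path: '/', hostOnly: true, secure: false },
];

for (const url of ['https://shop.example/account/orders',
                   'http://www.shop.example/account',
                   'https://other.example/',
                   'https://evilshop.example/account']) {
  console.log(url, '->', cookiesSentTo(sampleJar, url));
}
```

The last URL receives nothing: a host that merely ends in the same characters as the cookie's domain does not domain-match, because the match requires a label boundary.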


