back to the *point* WAS: Re: [thesite] UEUE v.0.2 Update

Mark Nickel mnickel at new.rr.com
Thu Nov 8 09:31:32 CST 2001


.jeff wrote

> by strip you mean delete the cookies entirely?  that would have quite
> negative effects on persistent logins for those users who visit m.e.o.
> sites.  if you're talking about simply suppressing the reporting of the

I was speaking of suppressing the cookies from being passed from the browser
through Apache, to the PHP engine to interpret the *.php page.  The cookies
would still exist in the user's cookie jar on the browser side.  Apache would
prevent these from being put into X server-side scripting language's $COOKIE
variables...

And I would only toy with cookies whose names begin with ueue_*; any other
cookies wouldn't be touched.  If m.e.o. were to set other cookies, these
wouldn't be touched...

I know this would defeat the purpose of ueue on m.e.o. which is kinda what we
are circling back around to saying... No UEUE for m.e.o. because we are allowing
the "X-Factor" whereby users have server-side scripting capability...


> passed cookies then i believe that will still leave javascript open as a
> method of reading the user's ueue cookies as javascript asks the browser for
> the cookies and doesn't read them from the headers.

Would you be able to provide more information on this?  I'm unfamiliar with
Javascript haxoring in this way.  I would think that by mod'ing Apache, any
hacks in Javascript would be thwarted because at some point in time l33t haxor
johnny is going to need to redirect to a webserver "somewhere", right?  Since
only cookies for a domain are sent to the webserver for that domain, I don't see
how the cookies could be stolen if Apache were to suppress ueue_* cookies from
going to the server-side scripting language on m.e.o.....  But, honestly, I
don't profess to be an expert in all things so I'm really eager for more
information.  Truly!  :) :)

Again, w.r.t. the 20 cookie limit, I had no idea.... That's the beauty of a
community like evolt and the concept of peer review.  One doesn't have to know
*everything*; we all contribute to the whole!  :)


Thanks!
Mark

--
"Caution: Cape does not enable user to fly."

-Batman costume warning label
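
Added example, not part of the original message or of any evolt code: a JavaScript model of the filter described above, which drops cookies whose names start with `ueue_` from the Cookie header before the server-side scripting layer sees it, and leaves the browser's own cookie jar unchanged. The function names, the sample cookie values and the handling of a pair with no "=" are assumptions made for illustration.

```javascript
// Added illustration; names and sample values are constructed, not from the post.
const BLOCKED_PREFIX = "ueue_"; // prefix named in the message

// Split a Cookie request header into trimmed "name=value" parts.
function splitCookieHeader(header) {
  return (header || "")
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0);
}

// Name of one part. Assumption: a part with no "=" is treated as a bare
// name, so "ueue_x" without a value is stripped too (the conservative choice).
function cookieName(part) {
  const eq = part.indexOf("=");
  return (eq === -1 ? part : part.slice(0, eq)).trim();
}

// Header as the server-side scripting layer would receive it after the filter.
// Returns null when nothing is left, meaning "send no Cookie header at all".
function stripBlockedCookies(header, prefix = BLOCKED_PREFIX) {
  const kept = splitCookieHeader(header).filter(
    (part) => !cookieName(part).startsWith(prefix)
  );
  return kept.length > 0 ? kept.join("; ") : null;
}

// Both views of one request: the browser's jar is unchanged, only the copy
// handed to the scripting layer is filtered.
function viewsOfRequest(jarHeader) {
  return { browserJar: jarHeader, scriptingLayer: stripBlockedCookies(jarHeader) };
}

// Constructed sample: two ueue_ cookies, one unrelated session cookie, and two
// near misses (prefix inside a name, prefix inside a value) that must survive.
const SAMPLE =
  "ueue_user=mark; session=abc123; ueue_theme=dark; my_ueue_x=1; pref=ueue_like";

console.log(viewsOfRequest(SAMPLE));
```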






