[thelist] [Security] Any security risks with Low privacysettingin IE?
Kelly Hallman
khallman at wrack.org
Thu Aug 7 03:42:29 CDT 2003
On Wed, 6 Aug 2003, Chris Johnston wrote:
> This includes both first and third party cookies? So what you are saying
> is that lowering the privacy settings to "low" in IE 6 poses absolutely
> no risk to users in anyway - security or otherwise?
I think everyone missed the "third party" cookie part.
Third party cookies are, as I understand it, cookies set by site A for
site B. So in other words, I could set an ebay cookie from my site, and
those browsers would take it. Not probably a real big risk in reality,
but in terms of security it's potential exposure.
> Are cookies truely benevolent pieces of text placed on a users computer or
> can they be used for harm?
Cookies are meant to be opaque identifiers. They are certainly harmless
on their own, but they are a bit sensitive since they often contain
session tracking information. If you allow a third party site to
manipulate that data, there's some element of risk.
--
Kelly Hallman
http://wrack.org/
More information about the thelist
mailing list