Re: Cookies and LWP and shopping sites

Roy T. Fielding (fielding@kiwi.ics.uci.edu)
Tue, 28 Apr 1998 10:32:17 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Achim Bohnet: "HTML-Tree-0.50 test suite failures"
Previous message: JP May: "Re: Cookies and LWP and shopping sites"
Maybe in reply to: Richard Sharpe: "Cookies and LWP and shopping sites"

>A lot of shops out there use cookies in a fairly in-secure way to encode
>user-ids that are picked up on the next request to the store.
>
>What is to stop someone snooping them and using LWP to hijack user
>accounts? Or  guessing userids ...

Nothing.  That is why it is an insecure way.  A reasonably knowledgable
person can do the same with Netscape, MSIE, or even TELNET.

....Roy

Next message: Achim Bohnet: "HTML-Tree-0.50 test suite failures"
Previous message: JP May: "Re: Cookies and LWP and shopping sites"
Maybe in reply to: Richard Sharpe: "Cookies and LWP and shopping sites"