regsNEBCORP.COM

• Next message: Andre L. Dos Santos: "Statistical Attack Against Virtual Banks"
• Previous message: Peter Berendi: "Re: Tempfile vulnerabilities"
• In reply to: Dylan Griffiths: "Re: Evil Cookies."
• Next in thread: Michael Bryan: "Re: Evil Cookies."
• Next in thread: Jon Paul, Nollmann: "Re: Evil Cookies."
• Reply: Ari Gordon-Schlosberg: "Re: Evil Cookies."
• Reply: Michael Bryan: "Re: Evil Cookies."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Dylan Griffiths <Dylan_GBIGFOOT.COM>]
> Thomas Reinke wrote:
> > There is no easy patch to this problem. The only solution I
> > can think of, which is not an easy one, would be to have browsers
> > have intimate knowledge of what constitutes an organization's
> > "domain of influence", and limit cookies accordingly. This
> > is essentially impossible to implement.
>
> A better solution would be explicit (ie: finer grained) control of cookies.
> Not as finely grained as the prompt option of Lynx, but more specific than
> the current Netscape settings.

Actually, this is implemented in a rudimentary way in IE 5.x, with their
"zones" of security. If you're interested, take a look at Mozilla's M13
milestone release. It allows fine-grained control of cookiees, with its
"Never Accept Cookiees" domain/site list. It also gives the user an
intuitive interface to actually browse their cookiees. (Look in the Wallet
section).

--
Ari							there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp for PGP public key

• Next message: Andre L. Dos Santos: "Statistical Attack Against Virtual Banks"
• Previous message: Peter Berendi: "Re: Tempfile vulnerabilities"
• In reply to: Dylan Griffiths: "Re: Evil Cookies."
• Next in thread: Michael Bryan: "Re: Evil Cookies."
• Next in thread: Jon Paul, Nollmann: "Re: Evil Cookies."
• Reply: Ari Gordon-Schlosberg: "Re: Evil Cookies."
• Reply: Michael Bryan: "Re: Evil Cookies."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]