Open Source and information security mailing list archives
 
Date: Wed Feb 22 02:20:50 2006
From: simon at snosoft.com (Simon Smith)
Subject: Re: Re: Forum / Site redone

I want to have cookies. They are good with milk. Damn you anti-cookie
lovin freaks!

nodialtone wrote:
> Let's all ensure that all the crumbs are vacuumed up as well.
>
> On Tue, 2006-02-21 at 14:14, Dave Korn wrote:
>   
>> Nigel Horne wrote:
>>     
>>>> Nigel Horne wrote:
>>>>         
>>>>>> Thanks for the comments.  Site has been redone ( I re-didit )  Feel
>>>>>> free to keep the comments coming.
>>>>>>
>>>>>> http://www.iatechconsulting.com
>>>>>>             
>>>>> Why does it attempt to store 2 cookies on my machine when all I do is
>>>>> visit your front page?
>>>>>           
>>>>   Because that's how PHP tracks your session ID.
>>>>
>>>>         
>>>>> Needless to say I said "no".
>>>>>           
>>> Public access websites should not have session IDs just to visit their
>>> frontpage.
>>>       
>>   Like it matters the tiniest little bit at all.
>>
>>   You can refuse the cookie if you want.
>>
>>   You can accept it if you want the personalisation you'll get.
>>
>>   You can set your browser to flush cookies at the end of the session if you 
>> don't want the same server to identify you next time.
>>
>>   You can hang on to it indefinitely if you do.
>>
>>   It takes next to no space on your hard drive, is entirely under your 
>> control, and it's not some kind of magical demon sent by the NSA to spy on 
>> you, so who cares?
>>
>>   You're presenting this claim that "Public access websites" (you mean 
>> 'publicly accessible' websites, I take it) "should not have" session IDs. 
>> Well, /WHY/ should they not?  This claim needs justifying.  Ethical reasons? 
>> Financial reasons?  Health and safety reasons?  Aesthetic reasons?  Or just 
>> because Nigel Horne says so, and whatever he says is so obviously patently 
>> right and true that all right-thinking people will just accept your word for 
>> it unquestioningly?
>>
>>
>>     cheers,
>>       DaveK
>>     
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>   


-- 


Regards, 
	Adriel T. Desautels
	Harvard Security Group
	http://www.harvardsecuritygroup.com

