Re: Re: Cookies at XML Europe 2004 -- Call for Participation

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: Joshua Allen <joshuaa@m...>
Subject: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
From: John Cowan <cowan@m...>
Date: Wed, 7 Jan 2004 19:01:26 -0500
Cc: xml-dev@l...
In-reply-to: <0E36FD96D96FCA4AA8E8F2D199320E52A9DFB2@R...>
References: <0E36FD96D96FCA4AA8E8F2D199320E52A9DFB2@R...>
User-agent: Mutt/1.3.28i

Joshua Allen scripsit:

> Regardless of whether you store your session token as Rich describes
> in a cookie, or in the URL, there is a danger that someone could use
> a man in the middle attack like you describe.  

Indeed, if I get to filter *all* your accesses to the net, I can make
you believe anything I want, by masquerading as all possible trusted
third parties.  There's nothing to be done about this.

-- 
Do NOT stray from the path!             John Cowan <jcowan@r...>
        --Gandalf                       http://www.ccil.org/~cowan

Follow-Ups:
- Re: Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@d...>

References:
- RE: Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: "Joshua Allen" <joshuaa@m...>

Prev by Date: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: Re: Re: wacky XML
Previous by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >