ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

AddThis Social Bookmark Button
Article:
  Cookie Specification Vulnerabilities
Subject:   Misleading
Date:   2004-04-02 11:50:06
From:   ryantate
The article is titled "Cookie Specification Vulnerabilities." But it specifies just one actual "vulnerability," which isn't a security threat, just a headache: an untrusted web page can essentially clear out your existing cookies.


As for the hard work of actual summarizing cookie vulnerabilities for a large audience -- the ostensible point of the article -- the writer punts and merely states, "If you refer to an archive of security papers devoted to cookies vulnerabilities of many versions of the different browsers, you won't feel so safe, although you will know better know what to protect yourself from."


Alexander, if I wanted to delve into security papers on cookies, I wouldn't read your article in the first place. Don't waste my time.