Re: Heads up, cookies *may* be outlawed in Europe

This WebDNA talk-list message is from 2001. It keeps the original formatting.
numero = 40060
interpreted = N
texte = On 11/12/01 10:05 PM, Bob Minor wrote:

> The logic has to be sound, it is your job as a developer to do the best you
> can to secure the customers data or you will likely find yourself on the end
> of a lawsuit.

And in essence this is the point. We all expect that developers use sound logic. Unfortunately, we all know it's not always the case. Truth is I have seen too many things that are considered non-sensitive info that is easily accessible via my browser and thus a cookie. Is the information 'private'? Damn straight! Is it sensitive? Well apparently the developer didn't think so, but perhaps I do.

The trap comes in where 'questionable' data is accessible via cookie only (with a login if the site doesn't find a cookie) and that data is potentially used to gather information.

I know everyone instantly jumps to the idea of credit card numbers. Truth is you're many times more likely to have your card number lifted at a restaurant or a bar than online but hey, everyone still fears it.

I have always been more concerned about the gray info. That stuff that many people don't feel is sensitive. Like purchase histories on sites like Amazon, or emails on WWW mail systems, etc. Perhaps it's because some of my clients have been soooo anal about it. Going as far as forcing logouts after a brief inactive period (using time stamps between pages for comparison)... To say nothing of multiple session cookies.

Sorry, I guess this is getting off of webcat.

Just thought that with cookies not being the 'lock box' that everyone thought they were, that it might be in our best interests to review how and why we use them and what issue might revolve around that usage.

Back to your regularly scheduled program.

Alex

Alex J McCombie New World Media
Chief Information Officer Drawer 607
800/724.8973 Fair Haven, NY 13064
Alex@NewWorldMedia.com http://OurClients.com
Interface Designer WebDNA Programmer Database Designer

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://search.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  2. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  3. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  4. Re: Heads up, cookies *may* be outlawed in Europe (Paul Uttermohlen 2001)
  5. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  6. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  7. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  8. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  9. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  10. Re: Heads up, cookies *may* be outlawed in Europe (Glenn Busbin 2001)
  11. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  12. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  13. Re: Heads up, cookies *may* be outlawed in Europe (dale 2001)
  14. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  15. Heads up, cookies *may* be outlawed in Europe (dale 2001)
Alex McCombie
