Re: Heads up, cookies *may* be outlawed in Europe

This WebDNA talk-list message is from

2001


It keeps the original formatting.
numero = 40048
interpreted = N
texte = on 11/12/01 9:10 PM, Paul Uttermohlen at deepaul@eudoramail.com wrote:

>> You would have to be a moron to sensitive data in a cookie.
>>
>> Robert Minor
>
> Thanks Bob. Once again you have left me laughing out loud and
> smiling. Also, it bears repeating:
>
> You would have to be a moron to store sensitive data in a cookie.
>
> I have been known to occasionally do something moronic, so I can say
> to my fellow morons if you are doing something as insecure as saving
> a person's credit card number as a cookie, don't do that! Save data of
> that nature only in a database and never send it in email or display
> it on a non-encrypted page that is not password protected.
>
> Good Luck, Paul

Yes, but as usual it goes beyond the obvious. The real issue comes from sensitive information, which is often Strategic Business Information which is NOT credit card or financial in nature.

Specifically, a foreseeable issue is someone that uses cookies to allow logins, or access to critical or sensitive information. Once that cookie information is 'mined' through this new crack, that information could be replicated and thus used to allow access to this information.

And yes, I know that these scenarios are extreme, but I can tell you that many of our corporate and government clients take these security 'holes' very very seriously.

In any case, I just thought it might be worth mentioning that anyone that stores Credit card info in a cookie is indeed a, well Bob said it best. However, many others may be using cookies to streamline login procedure or otherwise allow access to information without backup verification of identity.

:-0 Alex

Associated Messages, from the most recent to the oldest:

    
  1. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  2. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  3. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  4. Re: Heads up, cookies *may* be outlawed in Europe (Paul Uttermohlen 2001)
  5. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  6. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  7. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  8. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  9. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  10. Re: Heads up, cookies *may* be outlawed in Europe (Glenn Busbin 2001)
  11. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  12. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  13. Re: Heads up, cookies *may* be outlawed in Europe (dale 2001)
  14. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  15. Heads up, cookies *may* be outlawed in Europe (dale 2001)
Alex McCombie
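Added example, not part of the original message or the list archive: a minimal Python sketch of the mitigation the message points toward, where the login cookie holds only a random server-side session id that expires, and sensitive pages require a recent "backup verification of identity". The names `SessionStore`, `SESSION_TTL`, `STEP_UP_WINDOW` and the `check_password` callback are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 900      # assumed idle timeout, in seconds
STEP_UP_WINDOW = 300   # assumed: identity must have been verified this recently

class SessionStore:
    """Server-side sessions: the cookie value is only an opaque random id."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock

    def login(self, user):
        # Nothing about the user or their data is encoded in the cookie value.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": user, "seen": now, "verified": now}
        return sid

    def lookup(self, sid):
        """Return the user for a cookie value, or None if unknown or expired."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._clock()
        if now - session["seen"] > SESSION_TTL:
            # A copied cookie stops working once the session has idled out.
            del self._sessions[sid]
            return None
        session["seen"] = now
        return session["user"]

    def reverify(self, sid, password, check_password):
        """Backup verification: re-enter the password for a live session."""
        user = self.lookup(sid)
        if user is None or not check_password(user, password):
            return False
        self._sessions[sid]["verified"] = self._clock()
        return True

    def may_view_sensitive(self, sid):
        """The cookie alone is not enough for sensitive data after the window."""
        if self.lookup(sid) is None:
            return False
        age = self._clock() - self._sessions[sid]["verified"]
        return age <= STEP_UP_WINDOW

    def logout(self, sid):
        # Server-side revocation: the cookie value becomes useless immediately.
        self._sessions.pop(sid, None)
```
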
