Re: Heads up, cookies *may* be outlawed in Europe

This WebDNA talk-list message is from

2001


It keeps the original formatting.
numero = 40051
interpreted = N
texte = On 11/12/01 6:35 PM, Alex McCombie wrote:> Specifically, a foreseeable issue is someone that uses cookies to allow > logins, or access to critical or sensitive information. Once that cookie > information is 'mined' through this new crack, that information could be > replicated and thus used to allow access to this information. But you can't just allow cookie existance to provide access, instead it has to be a compound of things based on the need to protect data. If you don't mind losing it then stick it in a cookie, but this should not be new. Just the very nature of a cookie is insecure and unreliable. If however you put in a username that allows quick access via a password then I think you can be relatively sure that you are ok.Lets say you allow people to quickpay based on stored data. In fact you store there credit card. You should require that they enter a password and that they only ship to the bill to or the data on record. And you would NEVER show them the whole card number. While you remembered who they were as a username you didn't give anything away that could be used without some sort of additional knowledge.The logic has to be sound, it is your job as a developer to do the best you can to secure the customers data or you will likely find yourself on the end of a lawsuit.Robert Minor Director of Internet Services ------------------------------------------------------------ Cybermill Communications http://www.cybermill.com http://www.merchantmaker.comProviding Ecommerce and interactive website development and hosting services on Macintosh, Windows NT, Unix, and AS/400.All your websites are belong to us! ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  2. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  3. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  4. Re: Heads up, cookies *may* be outlawed in Europe (Paul Uttermohlen 2001)
  5. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  6. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  7. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  8. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  9. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  10. Re: Heads up, cookies *may* be outlawed in Europe (Glenn Busbin 2001)
  11. Re: Heads up, cookies *may* be outlawed in Europe (Bob Minor 2001)
  12. Re: Heads up, cookies *may* be outlawed in Europe (Alex McCombie 2001)
  13. Re: Heads up, cookies *may* be outlawed in Europe (dale 2001)
  14. Re: Heads up, cookies *may* be outlawed in Europe (John Peacock 2001)
  15. Heads up, cookies *may* be outlawed in Europe (dale 2001)
On 11/12/01 6:35 PM, Alex McCombie wrote:> Specifically, a foreseeable issue is someone that uses cookies to allow > logins, or access to critical or sensitive information. Once that cookie > information is 'mined' through this new crack, that information could be > replicated and thus used to allow access to this information. But you can't just allow cookie existance to provide access, instead it has to be a compound of things based on the need to protect data. If you don't mind losing it then stick it in a cookie, but this should not be new. Just the very nature of a cookie is insecure and unreliable. If however you put in a username that allows quick access via a password then I think you can be relatively sure that you are ok.Lets say you allow people to quickpay based on stored data. In fact you store there credit card. You should require that they enter a password and that they only ship to the bill to or the data on record. And you would NEVER show them the whole card number. While you remembered who they were as a username you didn't give anything away that could be used without some sort of additional knowledge.The logic has to be sound, it is your job as a developer to do the best you can to secure the customers data or you will likely find yourself on the end of a lawsuit.Robert Minor Director of Internet Services ------------------------------------------------------------ Cybermill Communications http://www.cybermill.com http://www.merchantmaker.comProviding Ecommerce and interactive website development and hosting services on Macintosh, Windows NT, Unix, and AS/400.All your websites are belong to us! ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Bob Minor

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

math on date? (1997) multiple prices (1998) BUG NOTICE: (2003) WebCat2b13MacPlugIn - [include] doesn't allow creator (1997) synching databases on multiple servers (1997) Number of Feilds Passed to [append] (2000) Another XML Questgion (2000) a small clarification (2002) [table] strange behaviour (2003) Thanks Grant (1997) date formatting for CC card expiration date check (1998) Webcatalog 4.0 - When will we be able to beta test it? (2000) Problems with store (1998) Requiring that certain fields be completed (1997) Another bug to squash (WebCat2b13 Mac .acgi) (1997) GoodPath and MoveFile (2000) Country & Ship-to address & other fields ? (1997) Forms Search Questions (1997) [shownext max=?] armed (1997) New Mac b2 installer... (2000)