Might it be a good idea to conceal (make hash/ otherwise encrypt) the username in a cookie?
-S-
Jens Frank wrote:
On Sat, Aug 09, 2003 at 10:57:51AM -0700, Steve Vertigo wrote:
Might it be a good idea to conceal (make hash/ otherwise encrypt) the username in a cookie?
What for?
So that people trying to figure out what the cookies on their own computer are for will have the truth hidden from them?
I don't see the point of that.
-- brion vibber (brion @ pobox.com)
Allow me to clarify -- there was a recent study on fingerprinting done via miscellaneous stuff - server logs, etc. cookies being a basic kind of fingerprinting tool for access. Yadda yadda..
As a sysop -- I have certain limited powers, but few enough that it doesn't require I log in via ssl etc, but does this mean that basic accounts be left with no basic security whatsoever? I understand the tradeoff -- does hashing a username/id in a cookie actually eat up too many cycles with each transaction? Doesn't this policy sorta open WP up to some havoc beyond what even developers might have a pain of a time changing back?
-Not to be buggin ya. -S-
Wikitech-l mailing list Wikitech-l@wikipedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l
Steve Vertigo wrote:
Allow me to clarify -- there was a recent study on fingerprinting done via miscellaneous stuff - server logs, etc. cookies being a basic kind of fingerprinting tool for access. Yadda yadda..
Dude, your user name is shipped across the internet in plaintext in every page you download from the server while logged in. Why are you worried about a cookie that has the same information?
-- brion vibber (brion @ pobox.com)
Good question. NM. -S-
wikitech-l@lists.wikimedia.org