Allow me to clarify -- there was a recent study on fingerprinting done via miscellaneous stuff - server llogs, etc. cookies being a basic kind of fingerprinting tool for access. Yadda yadda..

As a sysop -- I have certain limited powers, but few enough that it doesnt require I log in via ssl etc, but does this mean that basic accounts be left with no basic security whatsoever? I understand the tradeoff -- does hashing a username/id in a cookie actually eat up too many cycles with each transaction? Doesnt this policy sorta open WP up to some havock beyond what even developers might have a pain of a time changing back?

-Not to be buggin ya. -S-

So that people trying to figure out what the cookies on their own computer are for will have the truth hidden from them?

I don't see the point of that.

-- brion vibber (brion @ pobox.com)

---

Wikitech-l mailing list Wikitech-l@wikipedia.org

http://mail.wikipedia.org/mailman/listinfo/wikitech-l

__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com

Good question. NM. -S-

--- Brion Vibber brion@pobox.com wrote:

Steve Vertigo wrote:

...

Allow me to clarify -- there was a recent study on fingerprinting done via miscellaneous stuff -

server

...

llogs, etc. cookies being a basic kind of fingerprinting tool for access. Yadda yadda..

Dude, your user name is shipped across the internet in plaintext in every page you download from the server while logged in. Why are you worried about a cookie that has the same information?

-- brion vibber (brion @ pobox.com)

---

Wikitech-l mailing list Wikitech-l@wikipedia.org

http://mail.wikipedia.org/mailman/listinfo/wikitech-l

__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com