Site Privacy issues
John Foust
jfoust at threedee.com
Fri Sep 17 08:45:02 CDT 2004
At 02:58 AM 9/17/2004, Gordon JC Pearce wrote:
>Now, if you want the server to have some idea of where a given client has come from *within your own site*, you can either fake it with hidden form fields (not always possible, but worth a try), a big long identifier in the GET request (ugly, and prone to error)
And those big long GET/PUT make it much easier for a sniffer on
your network (or along your path) to see your identifiers. :-)
I was travelling a minor auction site the other day, and noticed
that it was keeping state - including my password, in plaintext -
in its stateful URL.
- John
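Added example, not part of the original post or thread: a defender-side check for the problem described above, which flags request URLs that carry passwords or session identifiers in the query string and redacts the values. The sample log lines, the parameter-name pattern and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter-name fragments treated as sensitive (assumed list; tune per
# application, since substring matching can also flag harmless names).
SENSITIVE = re.compile(r"pass|pwd|secret|token|sess|auth", re.I)

# Pulls the request target out of a common-log-format style line.
REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Sep/2004:08:40:01 -0500] '
    '"GET /auction/item?id=1187&user=jdoe&password=hunter2 HTTP/1.0" 200 5120',
    '10.0.0.5 - - [17/Sep/2004:08:40:09 -0500] '
    '"GET /auction/list?page=2&sort=price HTTP/1.0" 200 8841',
    '10.0.0.9 - - [17/Sep/2004:08:41:30 -0500] '
    '"GET /bid?SESSIONID=9f3c2a77d1&amount=15 HTTP/1.0" 302 0',
]


def audit_url(target):
    """Return (redacted_url, sensitive_parameter_names) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [name for name, _ in pairs if SENSITIVE.search(name)]
    # Keep the parameter name for triage, drop the value so the report
    # does not become another copy of the secret.
    redacted = [(n, "REDACTED" if SENSITIVE.search(n) else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(redacted))), hits


def audit_log(lines):
    """Return [(line_number, parameter_names, redacted_url)] for flagged requests."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        redacted, hits = audit_url(match.group(1))
        if hits:
            findings.append((lineno, hits, redacted))
    return findings


if __name__ == "__main__":
    for lineno, names, url in audit_log(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(names)} in URL -> {url}")
```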
More information about the cctalk mailing list