

  • Subject: RE: HTTP Server's jobs for CGI applications
  • From: Leslie Russell <leslier@xxxxxxxxxx>
  • Date: Wed, 19 Jul 2000 13:24:58 GMT

This is also my last post but I want to make sure and redirect. Once 
again, leaving cookies lying around which can fall prey to unscrupulous 
scripters is just poor programming. Expire the cookie. If you can control 
their exit then just before they leave your site delete the cookie, then 
recreate the cookie but write garbage to it. Also, don't make the mistake 
of putting your user's vital info (user name, password, address, CC#) in a 
cookie. 

Sure, another program can get a list of the cookies on your machine using 
JavaScript, but that can also be done via a server-side Perl script and 
you can't disable CGI from your browser. And not all programmers follow 
the simple rules for making cookies safe, but that doesn't mean cookies 
are invading your privacy; it means some programmers are lazy. 

So if all programmers were conscientious, and no cookies held sensitive data, 
then there would still be the people who say: "But they are tracking me, 
they know what sites I am visiting! And the government is reading my 
thought waves!". 
But have you ever gone out and looked at your server logs? You can 
customize Apache server logs to capture all kinds of information about 
the hit, and if you embed an SSI in your home page then you can write a 
script to collect even more info about the hit. So places like 
doubleclick might be using JavaScript to create nice little rolling 
images but they are using other methods to collect your data.

A cookie is a good way to track your user around a site but it shouldn't 
be used as a database, except in shopping carts, but NO VITAL INFO. 
All the bad press cookies get comes from lazy programming; the security 
risk comes when lazy programmers store sensitive info in a cookie. So 
don't do that; it's as simple as that. 

Why send each item in a customer's shopping cart back to the server to be 
processed? Validate the order in the browser and then, if the user 
doesn't cancel the order, send the order back to the server. 

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
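
The cookie handling described in the message above (keep vital info out of the cookie, then expire it and overwrite it with garbage when the user leaves), as an added example that is not part of the original post. It uses Python's standard `http.cookies`; the in-memory `SESSIONS` store, the function names and the sample user record are assumptions made for illustration, and the server-side invalidation on logout and the `HttpOnly`/`Secure`/`SameSite` attributes go beyond what the message describes.

```python
import secrets
from http.cookies import SimpleCookie

# Assumption: an in-memory dict stands in for the server-side session store.
SESSIONS = {}

def login(user_record):
    """Store the user's data server-side; return a Set-Cookie value that
    carries only an opaque random identifier."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user_record
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["path"] = "/"
    jar["sid"]["httponly"] = True   # not readable from page scripts
    jar["sid"]["secure"] = True     # only sent over HTTPS
    jar["sid"]["samesite"] = "Lax"
    return jar["sid"].OutputString()

def lookup(cookie_header):
    """Resolve a request's Cookie header to the stored record, or None."""
    morsel = SimpleCookie(cookie_header).get("sid")
    return SESSIONS.get(morsel.value) if morsel else None

def logout(cookie_header):
    """Invalidate the session server-side, then return a Set-Cookie value
    that overwrites the cookie with garbage and expires it immediately."""
    morsel = SimpleCookie(cookie_header).get("sid")
    if morsel:
        SESSIONS.pop(morsel.value, None)
    jar = SimpleCookie()
    jar["sid"] = secrets.token_urlsafe(8)   # garbage replacement value
    jar["sid"]["path"] = "/"                # must match the original path
    jar["sid"]["max-age"] = 0
    jar["sid"]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"
    return jar["sid"].OutputString()

if __name__ == "__main__":
    # Constructed sample record: none of it ends up in the cookie.
    set_cookie = login({"user": "alice", "address": "1 Example St"})
    print("Set-Cookie:", set_cookie)
    request_cookie = set_cookie.split(";")[0]
    print("lookup:", lookup(request_cookie))
    print("Set-Cookie:", logout(request_cookie))
    print("after logout:", lookup(request_cookie))
```
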
