RE: HTTP Server's jobs for CGI applications

["Stone, Brad V (TC)" <bvstone@xxxxxxxxxxxxxx>]

> Brad wrote:
> >Cookies make CGI programming in any language easier once you 
> know how to
> >write and read them.  URL Munging like amazon's page is just 
> as easy in
> any
> >CGI language as it is with JSPs or Java Servelets.  But, it 
> also makes it
> >easier to get around for the average hacker who doesn't know how to
> >manipulate cookie contents.  Saving a page and chaning the 
> URLs is easy to
> >do.
> 
> Gimme a break!  If someone knows how to hack the URLs on a
> web page, you really think they won't know how to hack a
> cookie?
> 
> I really wasn't going to bother with this thread anymore,
> but that comment of yours was your silliest yet!
> 

Silliest yet?  No, I think it's about 10 of your previous replies that when
you were backed into a corner, you did a 180 on the subject.  Ever think of
politics?  ;)

Hacking HTML, anyone can do if they figure out "save as" and that they can
open the saved html doc in notepad.  

With cookies, finding the cookie on your hard drive is the first part of it.
Next, if the data isn't "human readable", then you'll have quite a time
figuring out what to replace and what to replace it with.  Remember, because
you know how to do it (or claim to) doesn't make it "easy".  Especially
since most people that place cookies no doubt do double checks on the data
to eliminate this security "risk".

I don't know where you get your experience from on this subject, Hans, but
it shows (or doesn't).

Brad
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---