W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > October 2001

[fwd] [Moderator Action] Cookies

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 26 Oct 2001 23:06:46 +0200
To: www-p3p-public-comments@w3.org
Message-ID: <20011026230646.C749@localhost>
----- Forwarded message from Morris <morris@AtlanticBT.com> -----

From: "Morris" <morris@AtlanticBT.com>
To: <www-p3p-public-comments@w3.org>
Cc: <malda@slashdot.org>
Date: Fri, 26 Oct 2001 13:32:01 -0400 (EDT)
Subject: [Moderator Action] Cookies
>From rigo  Fri Oct 26 22:55:09 2001
Envelope-to: rigo@localhost
Delivery-date: Fri, 26 Oct 2001 22:55:09 +0200
Old-Date: Fri, 26 Oct 2001 13:34:30 -0400
X-Mailer: Microsoft Outlook Express 5.00.2314.1300

P3P,

If a site uses a Logon ID & Password, there is nothing that I am aware of that cookies are necessary for (except tracking cross-site usage and multiple users of the same computer) that I can't do at least as well using State values saved in a server side database.  

Sure, server side state retention is a little more complex to implement, but it's not that hard.  And by doing so, I am retaining State about the User, not the computer the User is currently at.  As the user moves from home, to office, to laptop, I retain access to their State data.  Cookie systems do not.

So why do I find sites claiming that P3P says they should use cookies?  You write on your hard drive and I'll write on mine.  I'll read from my hard drive and you read from yours.  I will send to you what I want you to know and you will send to me what you choose to let me know.  That's privacy and security.  If I can read from and write to your hard drive, then it's at least an order of magnitude harder to ensure security and privacy.  

If you grant someone the right to read from & write to your hard drive, then the Crackers will exploit that access.  It's so much easier to lock the door than to guard the open doorway.

Morris

----- End forwarded message -----
Received on Friday, 26 October 2001 17:06:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.1 : Tuesday, 21 September 2004 12:14:17 GMT