W3C home > Mailing lists > Public > www-talk@w3.org > March to April 2000

Re: Security: Cookies

From: Andrew Daviel <andrew@daviel.org>
Date: Fri, 28 Apr 2000 18:33:46 -0700 (PDT)
To: www-talk@w3.org
Message-ID: <Pine.LNX.4.10.10004281828480.28189-100000@home.daviel.org>

An advisory recently about a cookie security problem :

http://www.peacefire.org/security/jscookies/

A site can set a cookie which contains a script, then
open a frame on your cookie file thus executing the script with
the domain of your PC, able to parse HTML files and directories
on your PC.

Cookies were also mentioned in the "cross platform scripting
advisory" - which is really about web forums, chat rooms and
query scripts being able to attack other HTML forms on the same
server.


Andrew Daviel      
http://vancouver-webpages.com/andrew
Deniable unless digitally signed.
Received on Friday, 28 April 2000 23:12:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:24 GMT