- From: Koen Holtman <koen@win.tue.nl>
- Date: Tue, 23 Apr 1996 22:16:46 +0200 (MET DST)
- To: Dave Kristol <dmk@allegra.att.com>
- Cc: koen@win.tue.nl, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Dave Kristol:
>
>koen@win.tue.nl (Koen Holtman) wrote:
> > #control over sessions in order to insure privacy.
> >
> > Shouldn't this be `assure'?
>Well, maybe "ensure". :)

Actually, `ensure' was the word I was thinking of first, but I could
not find it in any on-line dictionary.

> > #8.2 Cookie Spoofing
> > #
> > [...]
> > #Note that a server at cracker.edu could send a cookie to the client and
> > #subsequently get both of the cookies in the preceding example as well as
> > #its own.
> >
> > I was confused by this, and after re-reading it twice, I think this is
> > wrong. I believe this should be:
> >
> > Note that a server called cracker.edu could send a cookie to the
> > client without an explicit domain, and subsequently get the second
> > cookie in the preceding example as well as its own.
>
>No. Actually, the whole passage must be dropped.

You are right. My correction above is also incorrect.

>Dave

Koen.
Received on Tuesday, 23 April 1996 13:22:41 UTC