Re: Linking a cookie to an IP address is a very bad in 2015...

On Wed, Apr 01, 2015 at 12:57:56PM -0700, Max Bruce wrote:
> That's a great point. What about User-Agent checking?

Yes, that's what Michael mentionned as well. I *believe* that some
UAs send different values when a plugin performs a request, but I'm
not 100% certain. That's clearly something to check for those who
want to do this though.

I find it fun to see people scared about cookie stealing at an era
where some others are pushing hard for TLS everywhere. Either one
is a problem of the past, or the other is ineffective against info
leak :-)


Received on Wednesday, 1 April 2015 20:10:07 UTC