- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 22 Feb 2008 10:50:11 +0000 (UTC)
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: "WAF WG (public)" <public-appformats@w3.org>, Window Snyder <window@mozilla.com>, Daniel Veditz <dveditz@mozilla.com>, Brandon Sterne <bsterne@mozilla.com>, Jesse Ruderman <jruderman@gmail.com>
On Thu, 21 Feb 2008, Jonas Sicking wrote:
>
> [with cookies] One concern we found was that it makes it very easy for a
> site to accidentally grant access to a user's personal data without
> realizing this is done without the user's consent. I.e. the worry is that
> server administrators will think that just because a request includes a
> user's cookies, that the user has authorized the request. To use the
> examples above: [...]
>
> [without cookies] This both exposes the user to a greater risk since the
> requesting site is actually given the credential, and also risks
> creating a culture where people give out their passwords to other sites.
>
> [prompting user]

Prompting the user here should be right out, IMHO. Users would not be able to make informed decisions.

In my opinion, the problem described as [without cookies] above is many orders of magnitude worse than the theoretical problem described under [with cookies]. In addition, the risk given above under [with cookies] is present even without cookies, it just migrates to whatever other authentication mechanism is used.

I think ironically that not sending cookies is therefore by far the least secure option we are faced with here.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /, _.. \ _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 22 February 2008 10:50:20 UTC
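The risk Jonas raises under [with cookies] (a server treating the presence of the user's session cookie as proof that the user authorized a cross-site read of their data) can be made concrete with a small server-side model. The code below is an added example, not code from this thread, from Mozilla, or from any browser or specification implementation. It uses the CORS header names as later standardized (Origin, Access-Control-Allow-Origin, Access-Control-Allow-Credentials); the profile resource, the session lookup and the trusted-origin allowlist are constructed for the example.

```python
# Added example, not part of the original mailing-list thread.
# Models the mistake described in the thread (naive_handler) next to the
# check a server actually needs (careful_handler): a cookie proves who the
# user is, not that the user consented to the *requesting site* reading the data.
from dataclasses import dataclass, field
from typing import Optional

# Constructed allowlist: origins the data owner has explicitly chosen to
# share this resource with.
TRUSTED_ORIGINS = {"https://partner.example"}


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    origin: Optional[str] = None  # value of the Origin header, if the browser sent one


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def session_user(req: Request) -> Optional[str]:
    """Constructed session lookup: a valid 'sid' cookie maps to a user name."""
    return {"sid-alice": "alice"}.get(req.cookies.get("sid"))


def naive_handler(req: Request) -> Response:
    """The [with cookies] failure mode: cookie present => 'user authorized this',
    and any origin that asks is told it may read the response."""
    user = session_user(req)
    if user is None:
        return Response(401)
    return Response(
        200,
        {"Access-Control-Allow-Origin": req.origin or "*",
         "Access-Control-Allow-Credentials": "true"},
        body=f"private profile of {user}",
    )


def careful_handler(req: Request) -> Response:
    """Authentication (who is the user) and authorization (may this origin act
    for the user) are decided separately."""
    user = session_user(req)
    if user is None:
        return Response(401)
    if req.origin is None:
        # No Origin header: in this simplified model the request is not
        # cross-site, so it is an ordinary authenticated request.
        return Response(200, body=f"private profile of {user}")
    if req.origin not in TRUSTED_ORIGINS:
        # Credentialed cross-site request from an origin the user never
        # authorized: no data, and no CORS headers, so a conforming browser
        # also withholds whatever body is returned from the calling page.
        return Response(403)
    # Explicitly authorized origin: echo exactly that origin. A wildcard is
    # never combined with Allow-Credentials, and Vary keeps caches from
    # serving one origin's grant to another.
    return Response(
        200,
        {"Access-Control-Allow-Origin": req.origin,
         "Access-Control-Allow-Credentials": "true",
         "Vary": "Origin"},
        body=f"private profile of {user}",
    )


if __name__ == "__main__":
    # Constructed cross-site request carrying Alice's cookie from an untrusted page.
    attempt = Request("GET", "/profile", {"sid": "sid-alice"}, "https://other.example")
    print("naive:  ", naive_handler(attempt).status)    # 200, data leaks
    print("careful:", careful_handler(attempt).status)  # 403
```

The two handlers see the identical request; only the second one asks the question the thread says administrators tend to skip, namely whether the origin named in the request, rather than the user whose cookie rode along with it, has been granted access.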