[fwd] [Moderator Action] Cookies

----- Forwarded message from Morris <morris@AtlanticBT.com> -----

From: "Morris" <morris@AtlanticBT.com>
To: <www-p3p-public-comments@w3.org>
Cc: <malda@slashdot.org>
Date: Fri, 26 Oct 2001 13:32:01 -0400 (EDT)
Subject: [Moderator Action] Cookies
Delivery-date: Fri, 26 Oct 2001 22:55:09 +0200
Old-Date: Fri, 26 Oct 2001 13:34:30 -0400
X-Mailer: Microsoft Outlook Express 5.00.2314.1300

P3P,

If a site uses a Logon ID & Password, there is nothing that I am aware of that cookies are necessary for (except tracking cross-site usage and multiple users of the same computer) that I can't do at least as well using State values saved in a server-side database.

Sure, server-side state retention is a little more complex to implement, but it's not that hard.  And by doing so, I am retaining State about the User, not the computer the User is currently at.  As the user moves from home, to office, to laptop, I retain access to their State data.  Cookie systems do not.

So why do I find sites claiming that P3P says they should use cookies?  You write on your hard drive and I'll write on mine.  I'll read from my hard drive and you read from yours.  I will send to you what I want you to know and you will send to me what you choose to let me know.  That's privacy and security.  If I can read from and write to your hard drive, then it's at least an order of magnitude harder to ensure security and privacy.  

If you grant someone the right to read from & write to your hard drive, then the Crackers will exploit that access.  It's so much easier to lock the door than to guard the open doorway.

Morris

----- End forwarded message -----

Received on Friday, 26 October 2001 17:06:45 UTC