- From: Donald Neal <d.neal@waikato.ac.nz>
- Date: Fri, 07 Feb 1997 09:42:48 +1200
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-talk@w3.org
At 05:19 PM 6/02/97 +0100, Koen Holtman wrote: [...] >>BTW, the silent rejection of cookies, esp. by domain name, is a good idea. > >I think this idea is covered by the suggestions in the spec. > >Some slightly off-topic information: if you edit your netscape preferences >file to read > ACCEPT_COOKIE: 2 >then NS will apparantly reject cookies without asking (I have not tried >this, but I read it in the risk digest.. A commercial product which allows >rejection by domain name (called PGPcookie.cutter) has been announced. >Also, extending a proxy to provide cookie filtering services is trivial, and >if someone has not done it already, someone will do it soon. (I did it >myself actually, but not in an industrial strength proxy implementation.) The commercial Harvest caching product does this from release 3.0 on. We do use this feature here, but not for reasons of security or privacy. We use it because cookies are used by some web sites solely to prevent the caching of pages at that site. It saves our end users time and money if the proxy cache refuses to accept cookies from particular sites known to do this. A more general policy of ignoring cookies on the transfer of graphic objects is an interesting possibility I have not yet had the courage to implement. It's worth bearing in mind that proxy caches tend to be paid for by readers of material and not by publishers. It must be expected that their administrators' actions will reflect that fact. Whether that implies that the use of cookies should be tightly restricted by the standard to encourage proxy caches to accept them, or that what the standard says may be disregarded anyway by many cache administrators, I'm not sure. - Donald Neal
Received on Thursday, 6 February 1997 15:58:28 UTC