obNetscapeHack: There is a feature called a "cookie file" in Netscape that is ripe for exploitation as a security leak. If you are using a Netscape server (and you may not even need that), you can feed all sorts of information into it without the user's knowlege. I have heard of one page that overloads the cookie file until the machine runs out of drive space. I am sure that there are other exploitable holes there... Any takers? Umm. The spec says that there is a maximum cookie size and a maximum number of cookies that should be sent. I'll be the last to claim

alano@teleport.com <Alan Olsen> ]: that Netscape created a 'standards-compliant' product, but they have at least recognized that these things aren't supposed to be infinitely large. rfb@lehman.com <Rick Busdiecker> ]:

Yikes! That sounds really bad. Do you have any more information on this? For example, can the server write to anything other than $HOME/.netscape-cookies? If I write protect that file, but it's still owned by me, will Netscape still modify it? The server can't write anything. Cookies are returned as HTTP response headers, which will either be: A) Ignored by a cookie-ignorant browser, or, B) Processed by a cookie-aware browser.

In either case, the cookie cache reading/writing is done by the browser. If the browser is running as 'you' then it can access files that 'you' own. If you write protect it against yourself, then its likely that your user-agent (Netscape) running as 'you' can't write to that file. Cheers! w. archibald =