Re: CookieScan 0.0 rev 0

Subject: Re: CookieScan 0.0 rev 0
Sent: 7/15/96 4:57 PM
Received: 7/15/96 6:01 PM
From: Jeff Weinstein, jsw@netscape.com
To: Christopher Hull, nozefngr@apple.com
CC: cypherpunks@toad.com

Christopher Hull wrote:
What I imagine is a little utility that would display the cookies stashed on a machine and give the user the option to either delete or <snicker> edit </snicker> any given cookie. (Hey, it's *your* computer, not the website's).
I doubt that you will have much luck here. Many (most??) sites that use cookies tend to encode or obscure them so that they are not human readable. Certainly anyone doing something questionable will obscure their cookies so that they will not be user readable or editable.
I agree. Editing is problematic. It would be difficult to decode intentionally hidden information. The user may suspect strange and not obvious stuff in a site's given cookie. Then what may happen is the user will "vote with their mouse" and stop using a site that encrypts cookie data (or perhaps not). In any case the user will at least have the knowledge that the cookie exists. Those that do not encrypt may provide other interesting information.

-Chris

.. smtp: nozefngr@apple.com
.. page: 1.800.680.7351
.. http: http://virtual.net/Personal/nozefngr/
.. icbm: lat37*21'.lon121*5'
..
.. the kabuki project: http://remarque.berkeley.edu/kabuki/

Christopher Hull wrote:
What I imagine is a little utility that would display the cookies stashed on a machine and give the user the option to either delete or <snicker> edit </snicker> any given cookie. (Hey, it's *your* computer, not the website's).
I doubt that you will have much luck here. Many (most??) sites that use cookies tend to encode or obscure them so that they are not human readable. Certainly anyone doing something questionable will obscure their cookies so that they will not be user readable or editable.
I agree. Editing is problematic.
Yes, editing is difficult, often a trial-and-error effort if you don't know what the site is looking for. You generally end up with a cookie that is ignored by the server, which then acts as though no cookie were involved. I have yet to see a "damaging" cookie, outside of the stupidity of trying to pass a plain-text password across the 'net for storage on the client. Anybody seen any interesting problematic cookies?

- r.w.

participants (2): Christopher Hull, Rabid Wombat