Re: [ICANN-EU] Re: University Based Indepedent Discussion Board

[lutz@iks-jena.de (Lutz Donnerhacke)]

* Marc Lehmann wrote:
>On Fri, Aug 18, 2000 at 02:21:57PM +0000, Lutz Donnerhacke <lutz@iks-jena.de> wrote:
>> Cookies are a valid tool to create a session.
>
>With their very own problems of security and how a session is defined.

Definitly. So they should not be enforced (a reason to set up the ML).

>> enviroment, but these mechanisms are weak and can compromise the
>> security of the session itself.
>
>In different ways than cookies, indeed.

Of course.

>> Pleas read your approbriate Köhntopp on this subject.
>
>No need to get arrogant ;)

Sorry, it should not sound so. But Kristian did a lot of work o sessions and
he definitly known about privacy and security to not rewrite his articles.

I mailed the web board creator that cookies and frames make it unusable.
But I oppose blind hate against cookies. I did read the reasonings for them
and know the misuse potential. All my browsers show me which cookies I get
and ask me for accepting them. I regulary clean up my cookies files.

If somebody assumes that cookies are the privacy killers from hell, he did
not understand the concept of a session and the alternatives. URL rewriting
causes the "cookies" to be stored in proxy logs and pollute the web caches.
Hidden form fields requires a form navigation or a incredible linking style,
which in turn has the same consequences as URL rewriting. All those
solutions causes a huge load on the server.

And this is acceptable solely by a misunderstanding of cookies caused by the
doubleclick abuse?

Sorry, for being arrogant.