Off Topic

Bill Glaze billglaze at triad.rr.com
Wed Dec 22 06:13:19 AKST 2004


Steve:
Thanks so much to you and Marty for your education about cookies.  Not 
only have you completely explained my "need to know" (read: curiosity) 
but you folks have taught me something also.  (Not an easy thing to do, 
BTW! ;-)   Is this list great, or what?  Bill Glaze

RC Steve Sterling wrote:

>Hi-- without disclosing too much of the site's security that would give a
>hacker an edge to break in--
>
>On login when you travel into the members-only section (retrieve latest
>K-Factor, membership management etc), a non-persistent cookie is set as a
>token so you don't have to log in to each separate page you may browse.
>
>Other non-persistent cookies are used to pass values from one page to
>another in the membership administration sections (mainly Maureen's domain).
>
>Note they are non-persistent cookies.  They are never written to the user's
>hard-disk, unlike "normal" cookies. They only exist as a volatile variable
>in that browser session. Closing the browser destroys them. You will also
>see a "logout" on some of those members pages, and those destroy the cookies
>without closing the browser.
>
>Why did I use non-persistent cookies? Other methods of passing this token
>are much easier to hack.
>
>You can test this yourself. Log in to www.nsrca.org/members. You will see a
>menu with at least "download kfactor", "Update Password" and "Logout". Click
>on "download Kfactor" and/or "Update Password". You get there without
>hassle. Hit the browser back button. You get back to the menu
>(www.nsrca.org/members/default.asp), again without hassle. Close the browser
>window, open up another and go back to the menu at
>www.nsrca.org/members/default.asp. It makes you log in again because that
>cookie was destroyed.
>
>I only speak for the section I am responsible for (www.nsrca.org/members).
>Other people take care of other areas. They may be using cookies (normal or
>non-persistent) for other purposes.
>
>Steve Sterling
>
>
>-----Original Message-----
>From: discussion-request at nsrca.org
>[mailto:discussion-request at nsrca.org]On Behalf Of Bill Glaze
>Sent: Tuesday, December 21, 2004 7:04 AM
>To: Discussion
>Subject: Off Topic
>
>
>I'm asking some of the computer gurus on this list:
>Why can't I access the NSRCA web site when I have cookies disabled?  I
>realize that the commercial sites want to insert cookies into my system
>to "further serve me" (ahem) better.  But, inasmuch as I am already
>sold<G> on the NSRCA, it seems peculiar to me that they want to install
>cookies.  Any help out there for my curiosity?  TIA
>btw: I remove all cookies at the end of the particular session.
>
>Bill Glaze
>AMA 2221
>NSRCA 2388
>
>=================================================
>To access the email archives for this list, go to
>http://lists.f3a.us/pipermail/nsrca-discussion/
>To be removed from this list, go to http://www.nsrca.org/discussionA.htm
>and follow the instructions.

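The difference between the non-persistent and "normal" cookies described in the quoted message shows up in the Set-Cookie header the server sends. The following is an added example, not part of the thread and not the NSRCA site's code: it classifies Set-Cookie values as session (no Expires or Max-Age, so the browser drops them on close), persistent, or deleted (the logout case). The cookie names and values are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie values; the names and tokens are made up.
SAMPLE_HEADERS = [
    "member_token=3f9a1c; Path=/members; HttpOnly",                         # login
    "prefs=compact; Path=/; Expires=Fri, 31 Dec 2038 23:59:59 GMT",         # on disk
    "member_token=; Path=/members; Expires=Thu, 01 Jan 1970 00:00:00 GMT",  # logout
    "admin_step=2; Path=/members; Max-Age=0",                               # logout
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def classify(header, now=None):
    """Return (name, kind) where kind is 'session', 'persistent' or 'deleted'."""
    now = now or datetime.now(timezone.utc)
    name, _value, attrs = parse_set_cookie(header)
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            return name, "deleted" if int(attrs["max-age"]) <= 0 else "persistent"
        except ValueError:
            pass  # an unparsable Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return name, "session"  # an unparsable date is ignored
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return name, "deleted" if expires <= now else "persistent"
    return name, "session"  # no lifetime attribute: gone when the browser closes

def audit(headers, now=None):
    """Classify every header in a list, preserving order."""
    return [classify(h, now) for h in headers]

if __name__ == "__main__":
    for cookie_name, kind in audit(SAMPLE_HEADERS):
        print(f"{cookie_name:14} {kind}")
```
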