Jargons of Info Tech industry

Paul Rubin http
Thu Oct 13 22:38:40 CEST 2005


Brendan Guild <dont at spam.me> writes:
> This was a problem, but modern browsers implement Javascript in such a 
> way that it requires permission from the user before it will open a new 
> window.

Not really true, it's easy to defeat that, and also generally the
pop-up blocker only blocks window.open on load events.  JS can usually
still open windows when you mouse over something.

> All of those things seem like major problems except the bit about 
> cookies. What possible harm can reading and setting cookies do? I had 
> always thought they were carefully and successfully designed to be 
> harmless. That's not personal information in your cookies. That 
> information is set by websites for the sole purpose of being read by 
> websites.

If you have a cookie from site ABC on your system, that shows you
visited site ABC sometime in the past.  That is personal information
all by itself, that shouldn't be revealed (including to site ABC)
without your permission.  And that doesn't even begin to address web
bugs.

If the JS from site ABC can also read cookies set by unrelated site
XYZ, that's an absolute disaster.  It can steal login credentials and
anything else.  MSIE actually had a bug of that type a few years ago.



More information about the Python-list mailing list