Prentice Hall and Sun Microsystems. Personal use only; do not redistribute.


182


Chapter 8 Handling Cookies


ports  cookies and is associated with a browser. Thus, people could send you


e mail that loads images, attach cookies to those images, then identify you


(e mail address and all) if you subsequently visit their Web site. Boo.


A second privacy problem occurs when sites rely on cookies for overly


sensitive data. For example, some of the big on line bookstores use cookies


to remember users and let you order without reentering much of your per 


sonal information. This is not a particular problem since they don't actually


display the full credit card number and only let you send books to an


address that was specified when you did enter the credit card in full or use


the username and password. As a result, someone using your computer (or


stealing your cookie file) could do no more harm than sending a big book


order to your address, where the order could be refused. However, other


companies might not be so careful, and an attacker who got access to some 


one's computer or cookie file could get on line access to valuable personal


information. Even worse, incompetent sites might embed credit card or


other sensitive information directly in the cookies themselves, rather than


using innocuous identifiers that are only linked to real users on the server.


This is dangerous, since most users don't view leaving their computer unat 


tended in their office as being tantamount to leaving their credit card sit 


ting on their desk. 


FOXTROT   1998 Bill Amend.  Reprinted with permission of UNIVERSAL PRESS SYNDICATE. All 


rights reserved


The point of all this is twofold. First, due to real and perceived privacy


problems, some users turn off cookies. So, even when you use cookies to give


added value to a site, your site shouldn't  depend on them. Second, as the


author of servlets that use cookies, you should be careful not to use cookies


for particularly sensitive information, since this would open users up to risks


if somebody accessed their computer or cookie files. 


Second edition of this book: www.coreservlets.com; Sequel: www.moreservlets.com.


Servlet and JSP training courses by book's author: courses.coreservlets.com.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      jsp web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Jsp Web Hosting
Cheapest Web Hosting


Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved