• Cookies, Security, and Privacy Client Identification


    HTTP The Definitive Guide

    Cookies themselves are not believed to be a tremendous security risk, because they can be disabled
    and because much of the tracking can be done through log analysis or other means. In fact, by
    providing a standardized, scrutinized method for retaining personal information in remote databases
    and using anonymous cookies as keys, the frequency of communication of sensitive data from client
    to server can be reduced.

    Still, it is good to be cautious when dealing with privacy and user tracking, because there is always
    potential for abuse. The biggest misuse comes from third-party web sites using persistent cookies to
    track users. This practice, combined with IP addresses and information from the Referer header, has
    enabled these marketing companies to build fairly accurate user profiles and browsing patterns.

    In spite of all the negative publicity, the conventional wisdom is that the session handling and
    transactional convenience of cookies outweighs most risks, if you use caution about who you provide
    personal information to and review sites' privacy policies.

    The Computer Incident Advisory Capability (part of the U.S. Department of Energy) wrote an
    assessment of the overrepresented dangers of cookies in 1998. Here's an excerpt from that report:

    CIAC I-034: Internet Cookies (http://www.ciac.org/ciac/bulletins/i-034.shtml)

    PROBLEM:

    Cookies are short pieces of data used by web servers to help identify web users. The
    popular concepts and rumors about what a cookie can do has reached almost mystical
    proportions, frightening users and worrying their managers.

    VULNERABILITY ASSESSMENT:

    The vulnerability of systems to damage or snooping by using web browser cookies is
    essentially nonexistent. Cookies can only tell a web server if you have been there
    before and can pass short bits of information (such as a user number) from the web
    server back to itself the next time you visit. Most cookies last only until you quit
    your browser and then are destroyed. A second type of cookie known as a persistent
    cookie has an expiration date and is stored on your disk until that date. A
    persistent cookie can be used to track a user's browsing habits by identifying him
    whenever he returns to a site. Information about where you come from and what web
    pages you visit already exists in a web server's log files and could also be used to
    track users browsing habits, cookies just make it easier.
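
The distinction the excerpt draws between session and persistent cookies, combined with the third-party tracking concern raised earlier, can be checked mechanically. The following is an added example, not code from the book or the CIAC report: it classifies Set-Cookie headers by lifetime and lists persistent cookies set by hosts outside the page's own site. The host names, header values and the caller-supplied registrable domain (`page_site`) are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def lifetime(set_cookie, now):
    """Classify one Set-Cookie value as 'session', 'persistent' or 'expired'."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:           # element 0 is name=value
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    try:                                             # Max-Age overrides Expires (RFC 6265)
        return "persistent" if int(attrs["max-age"]) > 0 else "expired"
    except (KeyError, ValueError):
        pass                                         # absent or invalid: fall back to Expires
    if "expires" in attrs:
        try:
            exp = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"                         # unparsable date: attribute is ignored
        if exp.tzinfo is None:
            exp = exp.replace(tzinfo=timezone.utc)
        return "persistent" if exp > now else "expired"
    return "session"                                 # no expiry: gone when the browser quits

def is_third_party(response_host, page_site):
    """page_site: registrable domain of the page being viewed (supplied by the caller)."""
    host = response_host.lower().rstrip(".")
    return not (host == page_site or host.endswith("." + page_site))

def persistent_third_party(observations, page_site, now):
    """Return (host, cookie name) for cookies that outlive the session and come from another site."""
    flagged = []
    for host, header in observations:
        name = header.split(";")[0].split("=", 1)[0].strip()
        if is_third_party(host, page_site) and lifetime(header, now) == "persistent":
            flagged.append((host, name))
    return flagged

# Constructed sample: Set-Cookie headers seen while loading one page on shop.example.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
OBSERVED = [
    ("www.shop.example", "sid=abc123; Path=/; HttpOnly"),
    ("www.shop.example", "prefs=en; Max-Age=2592000; Path=/"),
    ("ads.tracker.example", "uid=7f3a9; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("ads.tracker.example", "old=1; Max-Age=0"),
    ("cdn.media.example", "tmp=1; Path=/"),
]

if __name__ == "__main__":
    for host, name in persistent_third_party(OBSERVED, "shop.example", NOW):
        print(f"persistent third-party cookie: {name} from {host}")
```

A production audit would derive `page_site` from the Public Suffix List rather than take it as a parameter.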

  • Original article: https://www.cnblogs.com/rsapaper/p/6396895.html