All has been said multiple times so I'll just post this blog if you will
that hosts an illustration of what can happen with cross scripting hacks.
Same would go for cookies..

http://radio.javaranch.com/pascarello/2005/12/30/1135962460818.html

You might not be looking for username and passwords, but someone is...

That being said. The only way you are going to be able to use a cookie cross
site is with that of the 3rd party cookie. Take your normal website reporting
suites like Omniture.com as an example... Have you ever taken a look at your
status bar as some sites are loading and seen the following?

domain.112.207.net

Yup, you guessed it. Omniture is tracking your visit. Not only this, but they
are tracking your visit across every domain you visit who uses Omniture. How?
Well, they own .112.207.net; they can do anything they want with it because
the cookie is stored under 207.net as the domain name...

Unless you're going to show a proof of concept as to how you're going to view a
cookie from another domain, just drop it.

Casey

On 4/24/06, Joe Velez <[EMAIL PROTECTED]> wrote:
>
> =)
>
> Yea - I realize the security issues. And that's not the goal I was after,
> but thought if you knew the cookie name, you could read the cookie value.
> BUMMER!
>
>
>
> Thanks.
>
>
> ----- Original Message -----
> From: "Bryan Stevenson" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[email protected]>
> Sent: Monday, April 24, 2006 3:58 PM
> Subject: Re: 3rd Party Cookie Reading [try to explain again]
>
>
> > No it's not possible AFAIK....HUGE security issue if that was possible.
> > Let's think it through....the other site stores the user's password in
> > plain text in a cookie for some stupid reason....now you can read it...I
> > think not ;-)
> >
> > HTH
> >
> > Cheers
> >
> > Bryan Stevenson B.Comm.
> > VP & Director of E-Commerce Development
> > Electric Edge Systems Group Inc.
> > phone: 250.480.0642
> > fax: 250.480.1264
> > cell: 250.920.8830
> > e-mail: [EMAIL PROTECTED]
> > web: www.electricedgesystems.com
> >
> >
> >
>
> 
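
The cookie scoping discussed in this thread, as an added example that is not part of the original messages: a small model of the browser's domain-matching rule (RFC 6265) showing why one site cannot read another site's cookie by name, while a tracker embedded on many sites gets its own cookie back everywhere. The subdomain labels, cookie names and values are constructed, and the public-suffix check, Path/Secure/SameSite attributes and third-party cookie blocking are left out.

```javascript
// Model of browser cookie scoping (RFC 6265 domain matching).
// Hostnames and cookie values are constructed sample data.

// A host matches a cookie domain if it is identical to it or is a
// subdomain of it (IP-address hosts are not handled in this sketch).
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie from a response served by `host`. Without a Domain
  // attribute it is host-only; with one, `host` must fall under it.
  set(host, name, value, domainAttr) {
    const hostOnly = domainAttr === undefined;
    const domain = (hostOnly ? host : domainAttr.replace(/^\./, "")).toLowerCase();
    if (!domainMatch(host, domain)) return false; // rejected by the browser
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Cookies attached to a request for `host`; the embedding page is irrelevant.
  cookiesFor(host) {
    const h = host.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
      .map(c => `${c.name}=${c.value}`);
  }
}

function demo() {
  const jar = new CookieJar();
  // First-party login cookie set by one site.
  jar.set("shop.example", "session", "abc123");
  // Another site tries to write a cookie into that site's domain.
  const foreignSet = jar.set("other.example", "session", "forged", "shop.example");
  // Tracker request embedded on site A sets an ID scoped to 207.net.
  jar.set("sitea.112.207.net", "visitor", "v-42", "207.net");
  return {
    foreignSet,
    otherSite: jar.cookiesFor("other.example"),
    shop: jar.cookiesFor("shop.example"),
    trackerOnSiteB: jar.cookiesFor("siteb.112.207.net"), // embedded on site B
  };
}
```

Calling `demo()` returns the cookie lists each host would receive; knowing the name `session` gives `other.example` nothing, because the browser selects cookies by the request host alone.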
