On Mon, 7 Feb 2005 21:43:24 -0800, Bob Miller <[EMAIL PROTECTED]> wrote:
> A cookie should just be a nonce. It shouldn't give the end-user any
> information and the system shouldn't rely on it having any structure.
> It should also change frequently to prevent replay attacks.

But you've set your cookies file to be read-only. Fortunately, for anything remotely important, possession of the cookie alone should not enable you to get to the target information.

> Keep the actual data on the server in an RDBMS or something.

That is the standard practice. I think I had in mind something along the lines of a preferences file that would be sent to multiple sites and let the host site know what the visitor's preferred configuration was.

There is also the question of data retention and ownership. Particularly in Europe, but elsewhere also, keeping a visitor's information in any format subjects you to a number of stringent regulations as to who can access what and when, and how long and under what circumstances you can keep it. Letting the visitor keep it would be one engineering solution to a bunch of legal constraints.

--
http://Zoneverte.org -- information explained
Do you know what your IT infrastructure does?

_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
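The opaque-nonce design the quoted post describes (cookie carries no data or structure, real state lives server-side, token changes often so a captured copy is short-lived), as an added Python example that is not part of the original thread. It assumes an in-memory table standing in for the RDBMS the post mentions, a 15-minute idle timeout, and a hypothetical `SessionStore` class; none of those names come from the thread.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32      # 256 bits of randomness; cookie value is ~43 URL-safe chars
TTL_SECONDS = 900     # assumption: 15-minute idle timeout


class SessionStore:
    """Server-side session table (hypothetical name).

    The cookie value handed to the browser is only a random nonce. Everything
    the site actually needs (here, the visitor's display preferences) is kept
    in this table, so the client can neither read nor forge it.
    """

    def __init__(self, now=time.time):
        self._now = now                 # injectable clock, for testing expiry
        self._sessions = {}             # sha256(token) -> {"data": ..., "expires": ...}

    @staticmethod
    def _key(token: str) -> str:
        # Index by a hash of the token, so a leaked copy of the table does
        # not hand out usable cookies.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, data: dict) -> str:
        """Start a session for `data` and return the nonce to set as the cookie."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._sessions[self._key(token)] = {
            "data": dict(data),
            "expires": self._now() + TTL_SECONDS,
        }
        return token

    def lookup(self, token: str):
        """Resolve a presented cookie.

        Returns (new_token, data) on success, or None if the token is unknown
        or expired. The token is rotated on every use: the old value is
        deleted, so a copy captured earlier (or sitting in a read-only cookies
        file) is rejected the next time it is replayed.
        """
        rec = self._sessions.pop(self._key(token), None)
        if rec is None:
            return None
        if rec["expires"] < self._now():
            return None                 # idle too long; already removed above
        return self.create(rec["data"]), rec["data"]


def demo(clock=None) -> dict:
    """Walk through create, use, replay and expiry; returns the outcomes."""
    store = SessionStore(now=clock or time.time)
    first = store.create({"theme": "dark", "lang": "en"})
    rotated, data = store.lookup(first)            # legitimate request
    return {
        "data_seen_by_server": data,
        "cookie_rotated": rotated != first,
        "old_cookie_replay_rejected": store.lookup(first) is None,
        "new_cookie_still_valid": store.lookup(rotated) is not None,
        "garbage_rejected": store.lookup("not-a-token") is None,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Rotation narrows the replay window to a single request; for the server-side data itself, the same table is where the retention rules the reply worries about would be enforced (expiry is already one of them).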
