Heh, candy from EFF, for log-holders here:
http://www.eff.org/news/archives/2005_02.php#002370
EFF Announces New Privacy Tool
Logfinder Helps Eliminate Unwanted Logging of Personal Data
ciao!
Ben
larry price wrote the following on 2/8/2005 10:54 AM:
On Mon, 7 Feb 2005 21:43:24 -0800, Bob Miller <[EMAIL PROTECTED]> wrote:
A cookie should just be a nonce. It shouldn't give the end-user any
information and the system shouldn't rely on it having any structure.
It should also change frequently to prevent replay attacks.
But you've set your cookies file to be read-only.
Fortunately, for anything remotely important, possession of the cookie alone should not enable you to get to the target information.
Keep the actual data on the server in an RDBMS or something.
That is the standard practice. I think I had in mind something along the lines of a preferences file that would be sent to multiple sites and let the host site know what the visitor's preferred configuration was.
There is also the question of data retention and ownership, particularly in Europe but elsewhere also. Keeping a visitor's information in any format subjects you to a number of stringent regulations as to who can access what, when, and how long and under what circumstances you can keep it. Letting the visitor keep it would be one engineering solution to a bunch of legal constraints.
_______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
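
Added example, not part of the thread or written by its participants: a Python sketch of the cookie design discussed above, where the cookie is an opaque random nonce, the data stays on the server, and the nonce is rotated so a replayed old value is rejected. The names `SessionStore`, `ROTATE_AFTER` and `demo`, the 300-second interval and the sample record are assumptions made for illustration.

```python
import secrets
import time

ROTATE_AFTER = 300  # seconds before a cookie value is replaced (assumed interval)


class SessionStore:
    """Server-side store: the cookie is only a random lookup key."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}  # nonce -> {"data": ..., "issued": ...}
        self._clock = clock

    def create(self, data):
        # 32 random bytes: no structure, nothing for the client to read or guess.
        nonce = secrets.token_urlsafe(32)
        self._sessions[nonce] = {"data": data, "issued": self._clock()}
        return nonce

    def lookup(self, nonce):
        """Return (data, cookie_to_send_back), or (None, None) if unknown."""
        record = self._sessions.get(nonce)
        if record is None:
            return None, None
        if self._clock() - record["issued"] < ROTATE_AFTER:
            return record["data"], nonce
        # Rotation: the old nonce is deleted, so replaying it later fails.
        del self._sessions[nonce]
        return record["data"], self.create(record["data"])


def demo():
    """Walk one session through issue, reuse, rotation and replay."""
    now = [0.0]  # fake clock so the run is deterministic
    store = SessionStore(clock=lambda: now[0])
    first = store.create({"user": "alice", "theme": "dark"})  # constructed data
    _, same = store.lookup(first)          # inside the window: cookie unchanged
    now[0] += ROTATE_AFTER + 1
    data, rotated = store.lookup(first)    # past the window: new cookie issued
    replayed, _ = store.lookup(first)      # old cookie presented again
    return first == same, rotated != first, data, replayed


if __name__ == "__main__":
    print(demo())
```

A real deployment would also send the cookie with the `Secure` and `HttpOnly` attributes and expire idle sessions; those are left out here to keep the rotation logic visible.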
