Re: [PHP] Re: Find out cookies on a computer?
Adam Zey wrote: Peter Lauri wrote: Is it possible to some how find out all cookies on a specific computer and their name and value? I assume not :) /Peter No, because you don't OWN them, therefore you have no right (either technologically or ethically) to see them. the 'right' that he has to see them (or others have to see his cookies) has nothing to do with whether it is technically possible. the HTTP specifications state that a site should only have access to cookies set within it's own domain - so in a perfect world Peter doesn't have access. BUT: 1. security flaws in browsers (and/or webservers?) can (and have) occassionally make cookies available to third parties unintentionally. 2. cross-site-scripting (XSS) hacking techniques are capable of stealing cookie data from third parties. you can't do much about 1. but you can take measures to protect your site from XSS. http://www.phpsec.org is a great place to learn more about XSS and other security issues. Asking such unethical questions on this list is, well, pretty dumb. there are no unethical questions and to presume that Peter is out to steal other peoples cookies is shortsighted - there is no evidence to back this up... turn it around - maybe he wanted to know if it was possible for other people/sites to view *his* cookies. the ethical issue arises if Peter would try to read cookies that don't belong to him/his site. I feel it was unfair to insinuate dumbness; if you want to call people dumb why not take it out on Suresh 'I have one problem, awaiting you reply asap' Kumar? he's an easy target and apparently doesn't even know of the eixstence of the 'Reply' button ;-) (okay so that last bit was unfair - pot calling the kettle black heh :-P) Regards, Adam. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: Find out cookies on a computer?
Is the question dumb? Why you answer it then? It is very interesting in a security manner. I have very low knowledge about them, so therefore the question. And if you think this question is unethical, and the rest of the society does that, we would probably not have as secure technology regarding cookies _as you state it is_. Rethink you answer a bit... As a developer I would like to know if someone can view the cookies that are not authorized to do so. Sorry for wanting to learn more... -Original Message- From: Adam Zey [mailto:[EMAIL PROTECTED] Sent: Friday, June 30, 2006 4:32 AM To: Peter Lauri Cc: php-general@lists.php.net Subject: Re: Find out cookies on a computer? Peter Lauri wrote: Is it possible to some how find out all cookies on a specific computer and their name and value? I assume not :) /Peter No, because you don't OWN them, therefore you have no right (either technologically or ethically) to see them. Asking such unethical questions on this list is, well, pretty dumb. Regards, Adam. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Find out cookies on a computer?
Peter Lauri wrote: Is it possible to some how find out all cookies on a specific computer and their name and value? I assume not :) /Peter No, because you don't OWN them, therefore you have no right (either technologically or ethically) to see them. Asking such unethical questions on this list is, well, pretty dumb. Regards, Adam. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Find out cookies on a computer?
On Fri, 30 Jun 2006 04:23:51 +0700, Peter Lauri wrote: Is it possible to some how find out all cookies on a specific computer and their name and value? I assume not :) The global array $_COOKIE should hold any cookie which is available to you -- Hilsen/Regards Michael Rasmussen http://keyserver.veridis.com:11371/pks/lookup?op=getsearch=0xE3E80917 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Find out cookies on a computer?
snip The global array $_COOKIE should hold any cookie which is available to you /snip Yes, but that is just for the ones available for me. Like Google, they set a cookie if you click on one of their adwords ads and then use them in the tracking of the customer conversion. Cookies like this are interesting to use. One of my clients want to track a little deeper the adwords and the conversion of them, and to get that cookie would be awesome. But I am loosing hope that it can be done now :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Find out cookies on a computer?
[snip] But I am loosing hope that it can be done now :) [/snip] I will go ahead and remove all hope. If you do not own the cookie, you cannot see it or use it. It is a rule of this jungle that has been in place for years. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Find out cookies on a computer?
On Fri, 30 Jun 2006 05:06:33 +0700, Peter Lauri wrote: Yes, but that is just for the ones available for me. Like Google, they set a cookie if you click on one of their adwords ads and then use them in the tracking of the customer conversion. The place where the cookies are stored is dependant of the users browser and platform. Try this by having MS IE and FF display all stored cookies - I bet you would get a different picture. -- Hilsen/Regards Michael Rasmussen http://keyserver.veridis.com:11371/pks/lookup?op=getsearch=0xE3E80917 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Find out cookies on a computer?
On 29/06/06, Jay Blanchard [EMAIL PROTECTED] wrote: [snip] But I am loosing hope that it can be done now :) [/snip] I will go ahead and remove all hope. If you do not own the cookie, you cannot see it or use it. It is a rule of this jungle that has been in place for years. Yes, let's put this baby to bed. You have access to the $_COOKIE superglobal array and that is it. Period, Full stop. End. -- http://www.web-buddha.co.uk http://www.projectkarma.co.uk
Re: [PHP] RE: Find out cookies on a computer?
Peter Lauri wrote: Is the question dumb? Why you answer it then? It is very interesting in a security manner. I have very low knowledge about them, so therefore the question. And if you think this question is unethical, and the rest of the society does that, we would probably not have as secure technology regarding cookies _as you state it is_. Rethink you answer a bit... As a developer I would like to know if someone can view the cookies that are not authorized to do so. Sorry for wanting to learn more... http://en.wikipedia.org/wiki/HTTP_cookie#Privacy_and_third-party_cookies Cheers Richard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Find out cookies on a computer?
Thank you, great reading :) -Original Message- From: Richard Collyer [mailto:[EMAIL PROTECTED] Sent: Friday, June 30, 2006 5:01 AM To: php-general@lists.php.net Subject: Re: [PHP] RE: Find out cookies on a computer? Peter Lauri wrote: Is the question dumb? Why you answer it then? It is very interesting in a security manner. I have very low knowledge about them, so therefore the question. And if you think this question is unethical, and the rest of the society does that, we would probably not have as secure technology regarding cookies _as you state it is_. Rethink you answer a bit... As a developer I would like to know if someone can view the cookies that are not authorized to do so. Sorry for wanting to learn more... http://en.wikipedia.org/wiki/HTTP_cookie#Privacy_and_third-party_cookies Cheers Richard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
