Cookies, Security, and Privacy (Client Identification)
HTTP: The Definitive Guide
Cookies themselves are not believed to be a tremendous security risk, because they can be disabled
and because much of the tracking can be done through log analysis or other means. In fact, by
providing a standardized, scrutinized method for retaining personal information in remote databases
and using anonymous cookies as keys, the frequency of communication of sensitive data from client
to server can be reduced.
Still, it is good to be cautious when dealing with privacy and user tracking, because there is always
potential for abuse. The biggest misuse comes from third-party web sites using persistent cookies to
track users. This practice, combined with IP addresses and information from the Referer header, has
enabled these marketing companies to build fairly accurate user profiles and browsing patterns.
In spite of all the negative publicity, the conventional wisdom is that the session handling and
transactional convenience of cookies outweigh most of the risks, provided you are cautious about
whom you give personal information to and review sites' privacy policies.
The Computer Incident Advisory Capability (part of the U.S. Department of Energy) wrote an
assessment of the overrepresented dangers of cookies in 1998. Here's an excerpt from that report:
CIAC I-034: Internet Cookies (http://www.ciac.org/ciac/bulletins/i-034.shtml)
PROBLEM:

Cookies are short pieces of data used by web servers to help identify web users. The popular concepts and rumors about what a cookie can do have reached almost mystical proportions, frightening users and worrying their managers.

VULNERABILITY ASSESSMENT:

The vulnerability of systems to damage or snooping by using web browser cookies is essentially nonexistent. Cookies can only tell a web server if you have been there before and can pass short bits of information (such as a user number) from the web server back to itself the next time you visit. Most cookies last only until you quit your browser and then are destroyed. A second type of cookie known as a persistent cookie has an expiration date and is stored on your disk until that date. A persistent cookie can be used to track a user's browsing habits by identifying him whenever he returns to a site. Information about where you come from and what web pages you visit already exists in a web server's log files and could also be used to track users' browsing habits; cookies just make it easier.
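The two distinctions the text and the CIAC excerpt turn on are session versus persistent cookies (decided by the Max-Age or Expires attribute) and first-party versus third-party cookies (decided by which site sets them relative to the site the user is visiting). The following script is an added example written for this page, not code from the book or the CIAC bulletin: it parses a constructed set of Set-Cookie headers captured while loading one page and flags the combination the text warns about, persistent cookies set by a site other than the one visited. The `registrable_site` shortcut (last two DNS labels) is an assumed approximation of what browsers do with the Public Suffix List, and the hosts, cookie names and fixed clock are all made up for the example.

```python
"""Classify Set-Cookie headers as session/persistent and first/third party.

Added example for this page; not from the book or the CIAC bulletin.
It assumes a list of (response_host, set_cookie_header) pairs captured
while loading one top-level page; the data below is constructed.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def registrable_site(host):
    """Approximate a host's 'site' as its last two labels, e.g.
    'ads.tracker-example.net' -> 'tracker-example.net'.
    Assumption for this example: real browsers consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value}).
    Attribute names are lower-cased; flag attributes (HttpOnly) map to ''."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def is_persistent(attrs, now):
    """True if the cookie outlives the browser session.
    Per RFC 6265 a valid Max-Age takes precedence over Expires; an unparsable
    Max-Age is ignored and Expires is consulted instead; neither -> session cookie."""
    max_age = attrs.get("max-age")
    if max_age is not None and max_age.lstrip("-").isdigit():
        return int(max_age) > 0
    expires = attrs.get("expires")
    if expires:
        try:
            when = parsedate_to_datetime(expires)
        except (TypeError, ValueError):
            return False  # malformed Expires: treat as a session cookie
        if when.tzinfo is None:  # no zone given: assume UTC, as GMT dates are
            when = when.replace(tzinfo=timezone.utc)
        return when > now
    return False


def classify(page_host, captured, now):
    """Report, for each cookie, which site it belongs to and whether it is
    third-party (site differs from the page's) and persistent."""
    page_site = registrable_site(page_host)
    report = []
    for resp_host, header in captured:
        name, _value, attrs = parse_set_cookie(header)
        # A Domain attribute widens scope; otherwise the cookie is host-only.
        scope_host = (attrs.get("domain") or resp_host).lstrip(".")
        cookie_site = registrable_site(scope_host)
        report.append({
            "name": name,
            "site": cookie_site,
            "third_party": cookie_site != page_site,
            "persistent": is_persistent(attrs, now),
        })
    return report


def tracking_candidates(page_host, captured, now):
    """Names of cookies that are both third-party and persistent: the pattern the
    text describes marketing companies using to build cross-site profiles."""
    return [c["name"] for c in classify(page_host, captured, now)
            if c["third_party"] and c["persistent"]]


# Constructed sample: a fixed clock and headers seen while loading www.example.com.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
CAPTURED = [
    ("www.example.com", "sessionid=a1b2c3; Path=/; HttpOnly"),
    ("www.example.com", "prefs=dark; Max-Age=2592000; Path=/"),
    ("ads.tracker-example.net",
     "uid=7f3e; Expires=Wed, 31 Dec 2025 23:59:59 GMT; Domain=.tracker-example.net"),
    ("cdn.example.com", "abtest=B; Max-Age=0"),
    ("pixel.other-example.org", "tmp=1; Path=/"),
]

if __name__ == "__main__":
    for entry in classify("www.example.com", CAPTURED, NOW):
        print(entry)
    print("third-party persistent:", tracking_candidates("www.example.com", CAPTURED, NOW))
```

Run against the constructed capture, only `uid` is reported: it is set under a different site and carries a future Expires date, which is exactly the profile-building case the text describes, while the first-party persistent `prefs` cookie and the third-party session cookie `tmp` are not flagged.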