
HTTP The Definitive Guide

Cookies themselves are not believed to be a tremendous security risk, because they can be disabled
and because much of the tracking can be done through log analysis or other means. In fact, by
providing a standardized, scrutinized method for retaining personal information in remote databases
and using anonymous cookies as keys, the frequency of communication of sensitive data from client
to server can be reduced.
Still, it is good to be cautious when dealing with privacy and user tracking, because there is always
potential for abuse. The biggest misuse comes from third-party web sites using persistent cookies to
track users. This practice, combined with IP addresses and information from the Referer header, has
enabled these marketing companies to build fairly accurate user profiles and browsing patterns.
In spite of all the negative publicity, the conventional wisdom is that the session handling and
transactional convenience of cookies outweigh most risks, provided you are careful about whom you give
personal information to and review sites' privacy policies.
The Computer Incident Advisory Capability (part of the U.S. Department of Energy) wrote an
assessment of the overrepresented dangers of cookies in 1998. Here's an excerpt from that report:

CIAC I-034: Internet Cookies (http://www.ciac.org/ciac/bulletins/i-034.shtml)

PROBLEM:

Cookies are short pieces of data used by web servers to help identify web users. The popular concepts and rumors about what a cookie can do have reached almost mystical proportions, frightening users and worrying their managers.

VULNERABILITY ASSESSMENT:

The vulnerability of systems to damage or snooping by using web browser cookies is essentially nonexistent. Cookies can only tell a web server if you have been there before and can pass short bits of information (such as a user number) from the web server back to itself the next time you visit. Most cookies last only until you quit your browser and then are destroyed. A second type of cookie known as a persistent cookie has an expiration date and is stored on your disk until that date. A persistent cookie can be used to track a user's browsing habits by identifying him whenever he returns to a site. Information about where you come from and what web pages you visit already exists in a web server's log files and could also be used to track users' browsing habits; cookies just make it easier.
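As an added example (not from the book or the CIAC bulletin), the following Python audits a site's Set-Cookie headers for the two distinctions drawn above: session versus persistent cookies, and first-party versus third-party scope relative to the site the user actually visited. The helper names, host names and sample headers are constructed for this illustration.

```python
# Added example (not from the book): audit Set-Cookie headers for persistence on
# disk (Expires / Max-Age) and third-party scope. Names and samples are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

@dataclass
class CookieAudit:
    name: str
    persistent: bool                # stored on disk until it expires
    lifetime_days: Optional[float]  # None for a session cookie
    third_party: bool               # scoped to a site other than the one visited

def _site(host: str) -> str:
    # Crude "registrable domain" (last two labels); real audits use the Public Suffix List.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def audit_set_cookie(header: str, response_host: str,
                     top_level_host: str, now: datetime) -> CookieAudit:
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    lifetime = None
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        lifetime = int(attrs["max-age"]) / 86400
    elif "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        lifetime = (expires - now).total_seconds() / 86400
    # A Domain= attribute scopes the cookie to that domain, else to the responding host.
    cookie_site = _site(attrs.get("domain") or response_host)
    return CookieAudit(name, lifetime is not None and lifetime > 0, lifetime,
                       cookie_site != _site(top_level_host))

# Constructed sample: user visits shop.example; the third response is from an embedded ad server.
SAMPLES = [
    ("sid=9f8e7d; Path=/; HttpOnly; Secure", "shop.example"),
    ("prefs=dark; Max-Age=2592000; Path=/", "shop.example"),
    ("uid=7f3a; Domain=.ads.example; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
     "tracker.ads.example"),
    ("tmp=1; Max-Age=0", "shop.example"),  # a deletion cookie: not persistent
]
def audit_samples(now=datetime(2026, 1, 1, tzinfo=timezone.utc)):
    return [audit_set_cookie(h, host, "shop.example", now) for h, host in SAMPLES]
```

Run against real response headers, the persistent third-party entries are exactly the cookies the text above describes as the main privacy concern.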
