Cookies, Security, and Privacy Client Identification
w
HTTP The Definitive Guide
Cookies themselves are not believed to be a tremendous security risk, because they can be disabled
and because much of the tracking can be done through log analysis or other means. In fact, by
providing a standardized, scrutinized method for retaining personal information in remote databases
and using anonymous cookies as keys, the frequency of communication of sensitive data from client
to server can be reduced.
Still, it is good to be cautious when dealing with privacy and user tracking, because there is always
potential for abuse. The biggest misuse comes from third-party web sites using persistent cookies to
track users. This practice, combined with IP addresses and information from the Referer header, has
enabled these marketing companies to build fairly accurate user profiles and browsing patterns.
In spite of all the negative publicity, the conventional wisdom is that the session handling and
transactional convenience of cookies outweighs most risks, if you use caution about who you provide
personal information to and review sites' privacy policies.
The Computer Incident Advisory Capability (part of the U.S. Department of Energy) wrote an
assessment of the overrepresented dangers of cookies in 1998. Here's an excerpt from that report:
CIAC I-034: Internet Cookies (http://www.ciac.org/ciac/bulletins/i-034.shtml)
PROBLEM:
Cookies are short pieces of data used by web servers to help
identify web users. The
popular concepts and rumors about what a cookie can do has
reached almost mystical
proportions, frightening users and worrying their managers.
VULNERABILITY ASSESSMENT:
The vulnerability of systems to damage or snooping by using
web browser cookies is
essentially nonexistent. Cookies can only tell a web server if
you have been there
before and can pass short bits of information (such as a user
number) from the web
server back to itself the next time you visit. Most cookies
last only until you quit
your browser and then are destroyed. A second type of cookie
known as a persistent
cookie has an expiration date and is stored on your disk until
that date. A
persistent cookie can be used to track a user's browsing
habits by identifying him
whenever he returns to a site. Information about where you
come from and what web
pages you visit already exists in a web server's log files and
could also be used to
track users browsing habits, cookies just make it easier.


Cookies, Security, and Privacy Client Identification的更多相关文章
- Cookies and Session Tracking Client Identification cookie与会话跟踪 客户端识别
w HTTP The Definitive Guide Cookies can be used to track users as they make multiple transactions to ...
- Technical analysis of client identification mechanisms
http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Chromium > Chro ...
- Cookies and Caching Client Identification
w HTTP The Definitive Guide 11.6.9 Cookies and Caching You have to be careful when caching documents ...
- Cookies Client Identification
HTTP The Definitive Guide Cookies are the best current way to identify users and allow persistent se ...
- combined with the Referer header, to potentially build an exhaustive data set of user profiles and browsing habits Client Identification
w https://www.zhihu.com/question/35307626 w 0-客户端(附加用户信息)首次请求服务端--->服务端生成session(有唯一性).session_id ...
- Client IP Address Client Identification
HTTP The Definitive Guide Early web pioneers tried using the IP address of the client as a form of i ...
- The Personal Touch Client Identification 个性化接触 客户识别
w服务器要知道和谁在交谈. HTTP The Definitive Guide Web servers may talk to thousands of different clients simul ...
- Fat URLs Client Identification
w在每个URL后面都附加一个用户特有的标识码. HTTP The Definitive Guide Some web sites keep track of user identity by gene ...
- HTTP Headers Client Identification
用户信息通过HTTP头部承载:不能实现用户唯一性标识. w HTTP The Definitive Guide Table 11-1 shows the seven HTTP request head ...
随机推荐
- firewalld增加端口访问权限
firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --reload
- Nginx 常见问题解决
如果提示端口已经被占用: probably another instance of uWSGI is running on the same address (:8002). bind(): Addr ...
- Unity3D学习(九):C#和C++的相互调用
前言 不知不觉已经一年了,这一年来一直忙于公司项目疯狂加班,很少有自己的时间写下东西.不过好在项目最近也步入正轨了,正好抽空写点东西记录下学到的一些东西. 公司项目是一个端游IP移植手游,端游是基于C ...
- ipipe-3.10
git://git.xenomai.org/ipipe-gch.git for-ipipe-3.10
- linux查看端口命令和kill
1.查看 netstat -atunlp 2kill:kill -9 PID
- 三分 - HNU 13409 Flowers
Flowers Problem's Link: http://acm.hnu.cn/online/?action=problem&type=show&id=13409&cour ...
- Javascript 验证上传图片大小[客户端验证]
需求分析: 在做上传图片的时候,如果不限制上传图片大小,后果非常的严重.那么我们怎样才可以解决一个棘手的问题呢?有两种方式: 1)后台处理: 也就是AJAX POST提交到后台,把图片上传到服务器上, ...
- java为安全起见对Applet有所限制
Applet消亡的原因: ①java为安全起见对Applet有所限制:Applet不允许访问本地文件信息.敏感信息,不能执行本地指令(比如FORMAT),不能访问初原服务器之外的其他服务器. ① IE ...
- ie设置ActiveX控件不提示
ie设置自动允许activex: 对安全设置-受信任的站点区域-对未标记为可安全执行脚本的ActiveX控件初始化并执形脚本(启用)
- STL容器:deque双端队列学习
所谓deque,是"double-ended queue"的缩写; 它是一种动态数组形式,可以向两端发展,在尾部和头部插入元素非常迅速; 在中间插入元素比较费时,因为需要移动其它元 ...