Cookies, Security, and Privacy Client Identification
w
HTTP The Definitive Guide
Cookies themselves are not believed to be a tremendous security risk, because they can be disabled
and because much of the tracking can be done through log analysis or other means. In fact, by
providing a standardized, scrutinized method for retaining personal information in remote databases
and using anonymous cookies as keys, the frequency of communication of sensitive data from client
to server can be reduced.
Still, it is good to be cautious when dealing with privacy and user tracking, because there is always
potential for abuse. The biggest misuse comes from third-party web sites using persistent cookies to
track users. This practice, combined with IP addresses and information from the Referer header, has
enabled these marketing companies to build fairly accurate user profiles and browsing patterns.
In spite of all the negative publicity, the conventional wisdom is that the session handling and
transactional convenience of cookies outweighs most risks, if you use caution about who you provide
personal information to and review sites' privacy policies.
The Computer Incident Advisory Capability (part of the U.S. Department of Energy) wrote an
assessment of the overrepresented dangers of cookies in 1998. Here's an excerpt from that report:
CIAC I-034: Internet Cookies (http://www.ciac.org/ciac/bulletins/i-034.shtml)
PROBLEM:
Cookies are short pieces of data used by web servers to help
identify web users. The
popular concepts and rumors about what a cookie can do has
reached almost mystical
proportions, frightening users and worrying their managers.
VULNERABILITY ASSESSMENT:
The vulnerability of systems to damage or snooping by using
web browser cookies is
essentially nonexistent. Cookies can only tell a web server if
you have been there
before and can pass short bits of information (such as a user
number) from the web
server back to itself the next time you visit. Most cookies
last only until you quit
your browser and then are destroyed. A second type of cookie
known as a persistent
cookie has an expiration date and is stored on your disk until
that date. A
persistent cookie can be used to track a user's browsing
habits by identifying him
whenever he returns to a site. Information about where you
come from and what web
pages you visit already exists in a web server's log files and
could also be used to
track users browsing habits, cookies just make it easier.
Cookies, Security, and Privacy Client Identification的更多相关文章
- Cookies and Session Tracking Client Identification cookie与会话跟踪 客户端识别
w HTTP The Definitive Guide Cookies can be used to track users as they make multiple transactions to ...
- Technical analysis of client identification mechanisms
http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Chromium > Chro ...
- Cookies and Caching Client Identification
w HTTP The Definitive Guide 11.6.9 Cookies and Caching You have to be careful when caching documents ...
- Cookies Client Identification
HTTP The Definitive Guide Cookies are the best current way to identify users and allow persistent se ...
- combined with the Referer header, to potentially build an exhaustive data set of user profiles and browsing habits Client Identification
w https://www.zhihu.com/question/35307626 w 0-客户端(附加用户信息)首次请求服务端--->服务端生成session(有唯一性).session_id ...
- Client IP Address Client Identification
HTTP The Definitive Guide Early web pioneers tried using the IP address of the client as a form of i ...
- The Personal Touch Client Identification 个性化接触 客户识别
w服务器要知道和谁在交谈. HTTP The Definitive Guide Web servers may talk to thousands of different clients simul ...
- Fat URLs Client Identification
w在每个URL后面都附加一个用户特有的标识码. HTTP The Definitive Guide Some web sites keep track of user identity by gene ...
- HTTP Headers Client Identification
用户信息通过HTTP头部承载:不能实现用户唯一性标识. w HTTP The Definitive Guide Table 11-1 shows the seven HTTP request head ...
随机推荐
- js基本知识1
Javascript 作用 1. 网页特效 2. 用户交互 3. 表单验证 Js 就是可以用来控制 结构 和 样式 . 1.2 体验js 认识常用的三个输出语句. 都属于 js 内置对象 . 大家买手 ...
- EAV/ESS 8.x 自定义服务器正确方法+更新服务器列表
下面用64位的ESET Smart Security 8.0.319.1进行设置自定义更新服务器说明(注:修改方法32位和64位通用) 1. 让我们先看一下ESET Smart Security 8 ...
- Makefile 11——支持头文件目录指定
现在,是时候在对应目录放入对应文件了: /× foo.h */ #ifndef __FOO_H #define __FOO_H void foo(void) #endif/*__FOO_H*/ /* ...
- dp之多重背包2191
水题........ #include<iostream> #include<stdio.h> #include<string.h> using namespace ...
- [uboot]uboot如何引导系统
转自:http://bbs.elecfans.com/jishu_455028_1_1.html 如6410的bootcmd和bootargs默认存在于uboot1.1.6/include/confi ...
- 由于内部错误,服务器无法处理该请求。有关该错误的详细信息,请打开服务器上的 IncludeExceptionDetailInFaults (从 ServiceBehaviorAttribute 或从 <serviceDebug> 配置行为)以便将异常信息发送回客户端,或打开对每个 Microsoft .NET Framework SDK 文档的跟踪并检查服务器跟踪日志。
客户端调用WCF的时候报上面的错误,WCF只能序列化基础的数据类型,不能直接序列化SqlParameter类型,需要使用自定义类,然后在WCF服务端转换的方式解决: 自定义类代码如下: using S ...
- JSONObject与JSONArray
最近在学习过程中用到了稍微复杂点的json数据需要将json数据解析出来,这里就截取一部分作为例子 1.JSONObject介绍 JSONObject-lib包是一个beans,collections ...
- 解决request.getRemoteAddr()获取的值为0:0:0:0:0:0:0:1这个小问题
症状: Windows操作系统,eclipse开发环境下,在本机上使用http://localhost:8080/...访问本机上的页面,使用tomcat作为服务器 在Servlet或者Action中 ...
- dm8127之核间通信syslink
Last updated: June 23, 2010 Contents [hide] 1 About SysLink 1.1 SysLink Architecture 1.2 SysLink Usa ...
- HTML5+Canvas+jQuery调用手机拍照功能实现图片上传(二)
上一篇仅仅讲到前台操作,这篇专门涉及到Java后台处理.前台通过Ajax提交将Base64编码过的图片数据信息传到Java后台,然后Java这边进行接收处理.通过对图片数据信息进行Base64解码,之 ...