Prentice Hall and Sun Microsystems. Personal use only; do not redistribute.
182
Chapter 8 Handling Cookies
ports cookies and is associated with a browser. Thus, people could send you e-mail that loads images, attach cookies to those images, then identify you (e-mail address and all) if you subsequently visit their Web site. Boo.

A second privacy problem occurs when sites rely on cookies for overly sensitive data. For example, some of the big on-line bookstores use cookies to remember users and let you order without reentering much of your personal information. This is not a particular problem since they don't actually display the full credit card number and only let you send books to an address that was specified when you did enter the credit card in full or use the username and password. As a result, someone using your computer (or stealing your cookie file) could do no more harm than sending a big book order to your address, where the order could be refused. However, other companies might not be so careful, and an attacker who got access to someone's computer or cookie file could get on-line access to valuable personal information. Even worse, incompetent sites might embed credit card or other sensitive information directly in the cookies themselves, rather than using innocuous identifiers that are only linked to real users on the server. This is dangerous, since most users don't view leaving their computer unattended in their office as being tantamount to leaving their credit card sitting on their desk.
[Cartoon] FOXTROT © 1998 Bill Amend. Reprinted with permission of UNIVERSAL PRESS SYNDICATE. All rights reserved.
The point of all this is twofold. First, due to real and perceived privacy problems, some users turn off cookies. So, even when you use cookies to give added value to a site, your site shouldn't depend on them. Second, as the author of servlets that use cookies, you should be careful not to use cookies for particularly sensitive information, since this would open users up to risks if somebody accessed their computer or cookie files.
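The contrast drawn above, as an added Java example that is not from the book: one method embeds the card number in the cookie (the practice the text warns against), the other stores only a random, innocuous identifier in the cookie and keeps the sensitive record on the server, and the lookup returns null when no cookie is present so the site can still work without one. The class name, the in-memory map and the `customerID` cookie name are assumptions made for this example.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper (not from the book) for remembering a customer across visits. */
public class CustomerCookies {
    // Server-side table: opaque identifier -> customer record. In a real site this
    // would be a database table rather than an in-memory map (assumption for the demo).
    private static final Map<String, String> CUSTOMERS = new ConcurrentHashMap<>();
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final String COOKIE_NAME = "customerID";
    private static final int ONE_YEAR = 60 * 60 * 24 * 365;

    // UNSAFE (what the text warns against): the card number itself travels in the
    // cookie, so anyone who reads the cookie file reads the card number.
    public static void rememberUnsafely(HttpServletResponse response, String cardNumber) {
        Cookie c = new Cookie("creditCard", cardNumber);
        c.setMaxAge(ONE_YEAR);
        response.addCookie(c);
    }

    // SAFER: the cookie carries only an unguessable identifier; the record that the
    // identifier points to never leaves the server.
    public static void rememberSafely(HttpServletResponse response, String customerRecord) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);                       // 128 random bits, not a counter
        StringBuilder id = new StringBuilder();
        for (byte b : raw) id.append(String.format("%02x", b));
        CUSTOMERS.put(id.toString(), customerRecord);
        Cookie c = new Cookie(COOKIE_NAME, id.toString());
        c.setMaxAge(ONE_YEAR);
        c.setPath("/");
        c.setSecure(true);                           // only send it over HTTPS
        response.addCookie(c);
    }

    // On a later visit, map the identifier back to the record. Returns null when the
    // cookie is absent (user disabled or cleared cookies), so callers must not depend on it.
    public static String lookupCustomer(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return CUSTOMERS.get(c.getValue());
        }
        return null;
    }
}
```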
Second edition of this book: www.coreservlets.com; Sequel: www.moreservlets.com.
Servlet and JSP training courses by book's author: courses.coreservlets.com.