From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 18 Jul 1996 03:04:39 +0800
To: Christopher Hull <nozefngr@apple.com>
Subject: Re: CookieScan 0.0 rev 0
In-Reply-To: <199607160116.SAA24413@apple.com>
Message-ID: <Pine.BSF.3.91.960716173425.5147B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




> >Christopher Hull wrote:
> >> What I imagine is a little utility that would
> >> display the cookies stashed on a machine and
> >> give the user the option to either delete or
> >> <snicker> edit </snicker> any given cookie.
> >> (Hey, it¹s *your* computer, not the website¹s).
> >
> >  I doubt that you will have much luck here.  Many (most??) sites
> >that use cookies tend to encode or obscure them so that they are not
> >human readable.  Certainly anyone doing something questionable
> >will obscure their cookies so that they will not be user readable
> >or editable.
> >
> I agree.  Editing is problematic.
> 

Yes, editing is difficult, often a trial-and-error effort if you don't 
know what the site is looking for. You generally end up with a cookie 
that is ignored by the server, which then acts as though no cookie were 
involved.

I have yet to see a "damaging" cookie, outside of the stupidity of trying 
to pass a plain-text password across the 'net for storage on the client. 
Anybody seen any interesting problematic cookies?

- r.w.