On Tue, Mar 11, 2008 at 8:19 AM, Ricardo SIGNES <suppressed> wrote: > Is your objection just that you don't want me storing anything in your > browser's cookie jar that isn't plaintext ... Yes. I thought I'd said that more than once. A unfortunate perception exists among many that cookies are bad. IMO encrypting session data and placing it in a cookie contributes to that perception. It doesn't mean every usage is bad. But, it can be. The problem being that it's not transparent for the recipient to make that determination. I agree with you that worse things could be happening on the backend (storing credit card numbers in clear text on a loosely secured network-accessible device). Mark ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.