Re: Re: Find out cookies on a computer?

Adam Zey wrote:
> Peter Lauri wrote:
>> Is it possible to somehow find out all cookies on a specific computer
>> and their name and value? I assume not :)
>>
>>  
>>
>> /Peter
>>
> 
> No, because you don't OWN them, therefore you have no right (either
> technologically or ethically) to see them. 

the 'right' that he has to see them (or others have to see his cookies)
has nothing to do with whether it is technically possible.

the HTTP specifications state that a site should only have access to
cookies set within its own domain - so in a perfect world Peter doesn't have
access.

BUT:

1. security flaws in browsers (and/or webservers?) can (and have) occasionally
make cookies available to third parties unintentionally.

2. cross-site-scripting (XSS) hacking techniques are capable of stealing
cookie data from third parties.

you can't do much about 1. but you can take measures to protect your site
from XSS. http://www.phpsec.org is a great place to learn more about XSS and
other security issues.

> Asking such unethical
> questions on this list is, well, pretty dumb.

there are no unethical questions and to presume that Peter is out to steal
other people's cookies is shortsighted - there is no evidence to back this up...
turn it around - maybe he wanted to know if it was possible for other people/sites
to view *his* cookies.

the ethical issue arises if Peter would try to read cookies that don't belong to
him/his site.

I feel it was unfair to insinuate dumbness; if you want to call people dumb why not
take it out on "Suresh 'I have one problem, awaiting you reply asap' Kumar"? he's an
easy target and apparently doesn't even know of the existence of the 'Reply' button ;-)

(okay so that last bit was unfair - pot calling the kettle black heh :-P)

> 
> Regards, Adam.
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
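
Two site-side measures against the XSS cookie theft mentioned in the message above, as an added example that is not part of the original thread: escape untrusted output, and mark the session cookie so page script cannot read it. The function names, the cookie name `sid` and the sample comment are assumptions made for illustration; the options-array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Escape untrusted text for HTML body and quoted-attribute contexts, so
// markup in user input is displayed as text instead of being executed.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Send a session cookie that script running in the page cannot read.
// No 'domain' key is given, so the browser treats the cookie as host-only
// and returns it to the issuing host alone, not to sibling subdomains.
function send_session_cookie(string $name, string $token): bool
{
    return setcookie($name, $token, [
        'expires'  => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // hidden from document.cookie
        'samesite' => 'Lax',   // not sent on cross-site subrequests
    ]);
}

// Headers must go out before any body output.
send_session_cookie('sid', bin2hex(random_bytes(32)));

// Constructed sample of hostile input, e.g. a submitted comment.
$comment = '<script>/* injected */</script> "quoted" & \'single\'';

// The markup is rendered as visible text, not as a script element.
echo '<p>', e($comment), "</p>\n";
```

The `httponly` flag only keeps the cookie value out of reach of script; the output escaping is what stops injected markup from running in the first place.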

