[WEB4LIB] Got Milk? Got Cookies? Got Authentication?
Richard Goerwitz
richard at goon.stg.brown.edu
Sat Jan 9 12:44:42 EST 1999
Tom Klingler wrote:
>
> 1-8-99
>
> Got Milk? Got Cookies? Got Authentication?
>
> The LITA Secure Systems & Services Interest Group is presenting an informal
> managed discussion at ALA Midwinter in Philadelphia on the use of cookies
> and tokens for authentication.
I suppose you'll also address the question of how cookies will be used
at kiosks (where you shouldn't just exit a browser, and where a cookie
may live through many, many user sessions - if in fact the institution
maintaining the kiosk permits cookies to be stored at all).

And I hope you'll also answer the criticism that domain-based cookies,
like the ones you're using, are positively the worst kind, because they
cannot easily be intercepted by reverse proxies. Cookies (domain or
machine-based) can't be intercepted at all by URL-rewriting systems used
in many institutions, such as the UVa and Harvard.

And of course, cookies have been the subject of ongoing security
concerns, leading many people simply to turn them off.

Finally, it would be useful if you would discuss, in general, why no
other authentication method (browser plug-ins, reverse proxies,
URL-encoded session IDs, etc.) is workable here.

--
Richard Goerwitz
PGP key fingerprint: C1 3E F4 23 7C 33 51 8D 3B 88 53 57 56 0D 38 A0
For more info (mail, phone, fax no.): finger richard at goon.stg.brown.edu