[pubcookie-dev] pubcookie in country code TLDs
leg+ at andrew.cmu.edu
Wed Jan 15 11:51:28 PST 2003
Date: Wed, 15 Jan 2003 11:30:47 -0600 (CST)
From: "RL 'Bob' Morgan" <rlmorgan at washington.edu>
Oy, horrible is right. But I'm sure someone said, hey, "co.uk." has the
same sort of real-world meaning as ".com.", that is entities under it have
to be assumed to be mutually non-trusting, so setting a cookie with a
scope such that it could be passed between them is bad, so let's make the
browser not do that. Of course if it really were bad presumably security
advisories would have been issued for those browsers that permit it. And
of course there are so many ways of passing info between domains if you
want to (embedded images etc) that this restriction is rather silly. But
if it's reality with IE then it is.
Their heart was in the right place.
I guess the good thing is that any solution we come up with to do
cross-DNS-domain operation will solve this problem too.
Steve was looking at that some time ago; I thought this had become a
higher priority for UW. Has anything happened with this?
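Added example, not part of the original message or of pubcookie's code: the scope check the quoted message describes, written after the cookie storage rules of RFC 6265 (sections 5.1.3 and 5.3), which postdate this thread. The suffix list and all host names are constructed for illustration; real browsers consult the full Public Suffix List.

```javascript
// Constructed, abbreviated suffix list (assumption; not the real Public Suffix List).
const PUBLIC_SUFFIXES = new Set(["com", "edu", "uk", "co.uk", "ac.uk"]);

// RFC 6265 section 5.1.3 domain-match: identical strings, or host ends with "." + domain
// and the host is a name rather than an IP address.
function domainMatch(host, domain) {
  if (host === domain) return true;
  const isIp = /^[0-9.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Decide the scope a Set-Cookie gets, following RFC 6265 section 5.3 steps 5 and 6.
// Returns null when the cookie must be ignored.
function cookieScope(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  let domain = (domainAttr || "").toLowerCase().replace(/^\./, "");
  if (domain && PUBLIC_SUFFIXES.has(domain)) {
    // A suffix such as "co.uk" is shared by mutually non-trusting sites.
    if (domain !== host) return null;
    domain = ""; // the host itself is the suffix: fall back to host-only
  }
  if (domain === "") return { domain: host, hostOnly: true };
  if (!domainMatch(host, domain)) return null; // a site cannot scope to a foreign domain
  return { domain, hostOnly: false };
}

// Would a stored cookie with this scope be sent to targetHost?
function sentTo(scope, targetHost) {
  if (scope === null) return false;
  const t = targetHost.toLowerCase();
  return scope.hostOnly ? t === scope.domain : domainMatch(t, scope.domain);
}

// Constructed hosts: a login server and an application server under example.co.uk.
const wide = cookieScope("login.example.co.uk", ".co.uk");            // rejected
const shared = cookieScope("login.example.co.uk", ".example.co.uk");  // accepted
console.log(wide, shared, sentTo(shared, "app.example.co.uk"), sentTo(shared, "app.other.co.uk"));
```

A cookie scoped to the registered domain still reaches sibling hosts under it, while one scoped to the shared suffix is dropped, which is why a cross-DNS-domain design cannot rely on cookie scope alone.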