Sandip Debnath, Dr. C Lee Giles, Dr. David Pennock, Dr. Ingemar Cox, Dr. Hongyuan Zha
The Outline
(The Cookie Concept)
The cookie concept
The dark side
New technology or existing technology under attack
Cookies and Viruses
What went wrong
Discussion
A piece of information generated by the web server and stored on the client side, ready for future access.
ad1.adcept.net FALSE /cgi-bin FALSE 1311304079 adcept_identifier zznkfGexSbfzhKumxDg959RBM
.netscape.com TRUE / FALSE 1293840000 UIDC 130.203.30.36:0979150309:904770
.yahoo.com TRUE / FALSE 1271361600 B 215d03gt5rqp8&b=2
.passport.com TRUE / FALSE 2145744001 MSPDom 2
.hotmail.msn.com TRUE / FALSE 2145744000 HMP1 1br2.
americanexpress.com FALSE / FALSE 1137000056 SaneID 130.203.30.38--8842383120439
msn.co.uk FALSE / FALSE 1065265217 MC1 V=2&GUID=f6ab57ca5eb8447d982eb3e5b09cfbd5
.msn.com TRUE / FALSE 1065294017 MC1 V=2&GUID=F6AB57CA5EB8447D982EB3E5B09CFBD5
.doubleclick.net TRUE / FALSE 1920499194 id 80000005566efd0
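The cookie file above follows the Netscape cookies.txt layout, seven fields per record. As an added example (not part of the original slides), the JavaScript below parses those nine records and reports how long each identifier lives, how widely it is sent, and whether it may travel over plain HTTP; the function names, finding labels, 365-day threshold and review date are assumptions of this example.

```javascript
// The nine records from the cookie file above. A real Netscape-format cookies.txt
// separates fields with tabs; the slide text has them separated by spaces.
const COOKIE_FILE = `
ad1.adcept.net FALSE /cgi-bin FALSE 1311304079 adcept_identifier zznkfGexSbfzhKumxDg959RBM
.netscape.com TRUE / FALSE 1293840000 UIDC 130.203.30.36:0979150309:904770
.yahoo.com TRUE / FALSE 1271361600 B 215d03gt5rqp8&b=2
.passport.com TRUE / FALSE 2145744001 MSPDom 2
.hotmail.msn.com TRUE / FALSE 2145744000 HMP1 1br2.
americanexpress.com FALSE / FALSE 1137000056 SaneID 130.203.30.38--8842383120439
msn.co.uk FALSE / FALSE 1065265217 MC1 V=2&GUID=f6ab57ca5eb8447d982eb3e5b09cfbd5
.msn.com TRUE / FALSE 1065294017 MC1 V=2&GUID=F6AB57CA5EB8447D982EB3E5B09CFBD5
.doubleclick.net TRUE / FALSE 1920499194 id 80000005566efd0
`;
// Field order: domain, domain-wide flag, path, secure flag, expiry (Unix seconds), name, value.
function parseCookieFile(text) {
  return text.split("\n")
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"))
    .map((line) => {
      const f = line.split(/\s+/);
      if (f.length < 7) throw new Error("malformed record: " + line);
      return { domain: f[0], domainWide: f[1] === "TRUE", path: f[2], secure: f[3] === "TRUE",
        expires: new Date(Number(f[4]) * 1000), name: f[5], value: f.slice(6).join(" ") };
    });
}
// Findings (labels are this example's own): lifetime, scope and transport of each identifier.
function auditCookies(cookies, now, maxDays) {
  return cookies.map((c) => {
    const daysLeft = Math.floor((c.expires - now) / 86400000);
    const findings = [];
    if (daysLeft > maxDays) findings.push("long-lived");
    if (c.domainWide) findings.push("all-subdomains");
    if (!c.secure) findings.push("plain-http-allowed");
    return { domain: c.domain, name: c.name, daysLeft, findings };
  });
}
const REVIEW_DATE = new Date(Date.UTC(2003, 0, 1)); // assumed review date, not from the page
const report = auditCookies(parseCookieFile(COOKIE_FILE), REVIEW_DATE, 365);
for (const r of report) console.log(r.domain, r.name, r.daysLeft + "d", r.findings.join(","));
```

With the assumed review date, seven of the nine cookies outlive the one-year threshold and none carries the secure flag.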
Cookies are embedded in HTML information flowing back and forth.
Useful for user-side customization of Web information.
Usually transparent to the user.
Procedure:
  Storing the cookie: The Web server creates the cookie and sends it to the client machine. If the client machine is cookie savvy, it saves the cookie in the appropriate file.
  Loading the cookie: The previously stored cookie is transferred from the client machine to the server machine.
JavaScript:
function setCookie(name, value, expires, path, domain, secure)
function getCookie(name)
function deleteCookie(name, path, domain)
JavaScript:
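// Build a cookie string and hand it to the browser. Only name and value are required.
// escape() is a legacy encoder; getCookie must decode with the matching unescape().
function setCookie(name, value, expires, path, domain, secure) {
    document.cookie = name + "=" + escape(value) +
        ((expires) ? ";expires=" + expires.toUTCString() : "") +
        ((path) ? ";path=" + path : "") +
        ((domain) ? ";domain=" + domain : "") +
        ((secure) ? ";secure" : "");
}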
JavaScript:
// Return the value of the named cookie, or null if it is not set.
function getCookie(name) {
    // document.cookie looks like "a=1; b=2". Compare whole names so that
    // looking up "id" cannot match the tail of a cookie named "userid".
    var pairs = document.cookie.split(";");
    for (var i = 0; i < pairs.length; i++) {
        var pair = pairs[i].replace(/^\s+/, "");
        if (pair.indexOf(name + "=") == 0)
            return unescape(pair.substring(name.length + 1));
    }
    return null;
}
JavaScript:
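// Delete a cookie by re-setting it with an expiry date in the past.
// path and domain must match the values the cookie was set with.
function deleteCookie(name, path, domain) {
    document.cookie = name + "=" +
        "; expires=Thu, 01-Jan-70 00:00:01 GMT" +
        "; path=" + ((path) ? path : "/") +
        ((domain) ? "; domain=" + domain : "");
}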
CGI
use CGI qw/:standard/;   # provides header()
use CGI::Cookie;

# Create new cookies and send them
$cookie1 = new CGI::Cookie(-name=>'ID', -value=>123456);
$cookie2 = new CGI::Cookie(-name=>'preferences',
                           -value=>{ font => 'Helvetica', size => 12 });
print header(-cookie=>[$cookie1,$cookie2]);

# Fetch existing cookies; the ID cookie may be absent on a first visit
%cookies = fetch CGI::Cookie;
$id = $cookies{'ID'}->value if $cookies{'ID'};
Java
Cookie
public Cookie(String name, String value)
Defines a cookie with an initial name/value pair. Names must not contain whitespace, comma, or semicolons and should only contain ASCII alphanumeric characters. Names starting with a "$" character are reserved by RFC 2109.
Parameters:
  name - name of the cookie
  value - value of the cookie
Java
clone() - Returns a copy of this object.
getComment() - Returns the comment describing the purpose of this cookie, or null if no such comment has been defined.
getDomain() - Returns the domain of this cookie.
getMaxAge() - Returns the maximum specified age of the cookie.
getName() - Returns the name of the cookie.
getPath() - Returns the prefix of all URLs for which this cookie is targeted.
Java
getSecure() - Returns the value of the 'secure' flag.
getValue() - Returns the value of the cookie.
getVersion() - Returns the version of the cookie.
setComment(String) - If a user agent (web browser) presents this cookie to a user, the cookie's purpose will be described using this comment.
setDomain(String) - This cookie should be presented only to hosts satisfying this domain name pattern.
Java
setMaxAge(int) - Sets the maximum age of the cookie.
setPath(String) - This cookie should be presented only with requests beginning with this URL.
setSecure(boolean) - Indicates to the user agent that the cookie should only be sent using a secure protocol (https).
setValue(String) - Sets the value of the cookie.
setVersion(int) - Sets the version of the cookie protocol used when this cookie saves itself.
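The storing and loading procedure, together with the domain, path and secure rules listed in the Java API above, can be shown as a small client-side cookie jar. This is an added JavaScript example, not code from the original slides; CookieJar, parseSetCookie and the example.com hosts in the note below are hypothetical, and real browsers apply further checks (public-suffix list, default path) that are left out.

```javascript
// Simplified cookie jar, added as an illustration: no public-suffix list, no default-path rule.
const domainMatches = (host, domain) => host === domain || host.endsWith("." + domain);

// "/cgi-bin" covers "/cgi-bin" and "/cgi-bin/cart" but not "/cgi-binary".
function pathMatches(requestPath, cookiePath) {
  if (!requestPath.startsWith(cookiePath)) return false;
  return requestPath.length === cookiePath.length ||
    cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}
// Storing: turn one Set-Cookie header into a jar entry, or null if it is rejected.
function parseSetCookie(header, requestHost) {
  const host = requestHost.toLowerCase();
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // a cookie needs a name
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: host, hostOnly: true, path: "/", secure: false, expires: null };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "domain" && val) { c.domain = val.replace(/^\./, "").toLowerCase(); c.hostOnly = false; }
    else if (key === "path" && val.startsWith("/")) c.path = val;
    else if (key === "secure") c.secure = true;
    else if (key === "expires" && !isNaN(Date.parse(val))) c.expires = new Date(val);
  }
  // A server may only set cookies for its own host or a parent domain of it.
  return domainMatches(host, c.domain) ? c : null;
}
class CookieJar {
  constructor() { this.cookies = []; }
  store(header, requestHost) {
    const c = parseSetCookie(header, requestHost);
    if (!c) return false;
    // Same name, domain and path replaces the old entry; deletion relies on this.
    this.cookies = this.cookies.filter(
      (o) => !(o.name === c.name && o.domain === c.domain && o.path === c.path));
    this.cookies.push(c);
    return true;
  }
  // Loading: the Cookie header a request to `url` would carry ("" if none).
  headerFor(url, now = new Date()) {
    const u = new URL(url);
    return this.cookies.filter((c) =>
      (c.hostOnly ? u.hostname === c.domain : domainMatches(u.hostname, c.domain)) &&
      pathMatches(u.pathname, c.path) &&
      (!c.secure || u.protocol === "https:") && (!c.expires || c.expires > now))
      .map((c) => c.name + "=" + c.value).join("; ");
  }
}
```

For instance, after `store("ID=123456; path=/cgi-bin; domain=.example.com", "www.example.com")`, a request to `http://shop.example.com/cgi-bin/cart` carries `ID=123456`, while `http://www.example.com/cgi-binary` carries nothing.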
The entire transaction (storing and loading) is completely transparent to the user.
Invasive to the user's privacy.
Not a very strong mechanism by itself: the way cookies are stored and used can be fooled if you do not want cookies.
A new proposal to the IETF, Microsoft and Netscape asks them to enforce a limit on persistent cookies and to give users the option to select which cookies to accept.
Warning before accepting any cookies.
Doubleclick, Focalink, GlobalTrack and ADSmart will be jeopardized if cookies are stopped.
A cookie cannot be a danger, as it is stored as a normal text-based file.
Cookie files are only readable and writable, not executable.
The maximum content of a cookie is 4Kb, and the line to delete the contents of a hard disk is 18 bytes.
  In Unix the command is: $> /bin/rm rf /
  In DOS/Windows: c:\> rd /S /Q c:\*
So a virus could create a problem (theoretically), but this has not been seen yet.
Introduced for a good reason: helping users access their favorite web sites easily from the second time onwards.
Sometimes used by unscrupulous entities for other reasons: some marketing firms tried to use this to access private information for advertising campaigns.
Discussion
(The Cookie Concept)
???