User talk:Blaufish

From Wikipedia, the free encyclopedia

Talk!

[edit] HTTP cookie

Hi. I have seen you have added an interesting section to that article. There is however a point you may clarify: I understand that the difference between cookie theft and cross site cooking is that the first works by making the browser execute a script, while the second exploit a browser bug. Is this correct? Or is the difference not this one? - Liberatore(T) 00:36, 11 February 2006 (UTC)

Blaufish (Longer reply T): Cookie theft is many different things exploits. The purpose of cookie theft is for someone to steal cookies from client / server communication. Yes, cookie theft through cross site scripting does involve executing scripts.

Cross Site Cooking is however that another malicious site is confusing a browser, and setting the cookie. http://evil-guy/ setting cookies for http://your-bank/ and such.

Thank you, now it's perfectly clear to me. I have added three images in HTTP cookie to clarify the difference. If you think they are incorrect in some way, let me know so that I can modify them.
As for the talk pages, most people just do what you did (write in the talk page of the person they want to tell something to). BTW, to sign your post, add four tildes, like: ~~~~. This automatically adds your name and the date of the post. - Liberatore(T) 13:53, 15 February 2006 (UTC)

[edit] Welcome

And, since you haven't received a welcome message so far:


Welcome!

Hello, Blaufish, and welcome to Wikipedia! Thank you for your contributions. I hope you like the place and decide to stay. Here are a few good links for newcomers:

I hope you enjoy editing here and being a Wikipedian! Please sign your name on talk pages using four tildes (~~~~); this will automatically produce your name and the date. If you need help, check out Wikipedia:Where to ask a question, ask me on my talk page, or place {{helpme}} on your talk page and someone will show up shortly to answer your questions. Again, welcome!  - Liberatore(T) 00:36, 11 February 2006 (UTC)


[edit] Session poisoning

It is a good idea to create this article :) However, I think that the first example, "Trivial attack scenario", is over-simplified and could lead the reader to think it is just about injecting HTTP variables as script global variables. The third example is misleading too, in my opinion. I suggest removing them or making them clearer. Cheers ! Nicolas1981 22:19, 2 March 2006 (UTC)