Slashdot Mirror


How Not To Design a Protocol

An anonymous reader writes "Google security researcher Michael Zalewski posted a cautionary tale for software engineers: amusing historical overview of all the security problems with HTTP cookies, including an impressive collection of issues we won't be able to fix. Pretty amazing that modern web commerce uses a mechanism so hacky that does not even have a proper specification."

1 of 186 comments (clear)

  1. Re:Analogy by John+Hasler · · Score: 5, Funny

    > HTTP is like a manual lawn mower.

    No it isn't. A manual lawnmower is well-designed. The Web is like a lawnmower built by Rube Goldberg out of dozens of pairs of scissors, lots of string, some boards and a child's wagon, propelled by a large dog and powered by the wagging of his tail (the cookies are to get him to wag it). It's now had a clippings bag and a fertilizer cart added following the same design principles. An automatic dandilion remover, a dethatcher, and an aerator are coming soon (and several more dogs).

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.