Slashdot Mirror


How Not To Design a Protocol

An anonymous reader writes "Google security researcher Michael Zalewski posted a cautionary tale for software engineers: an amusing historical overview of all the security problems with HTTP cookies, including an impressive collection of issues we won't be able to fix. Pretty amazing that modern web commerce uses a mechanism so hacky that it does not even have a proper specification."


  1. Let me get this straight... by froggymana · Score: -1, Offtopic

    So when it comes to Flash, HTML5 is the best thing in the world, but when it's just HTML by itself it's a terrible mess of kludges that doesn't work very well?

    Why can't we just start over with an entirely new web standard that would be designed in a more efficient manner? HTML5 is going to take a lot of work to fully implement and to get rid of Flash, or why don't they do a serious overhaul on HTML, removing a lot of the security risks to make it as safe as it could be while still keeping most of the same syntax?

    --
    "To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
  2. -1 Profanity by jabberw0k · Score: -1, Offtopic

    You had some excellent points until you started swearing. Clean up your act; I wanted to hear what you had to say.