Web Security & Commerce by Simson Garfinkel with Gene Spafford Here are the changes from the 11/97 reprint: {15} Figure 1-1 is new. To view the new figure, return to the main errata page and click on the "Figure 1-1" link. {16} Figure 1-2 is new. To view the new figure, return to the main errata page and click on the "Figure 1-2" link. (28 reprinted for pagebreak due to changes on p. 29) {29}: edits to "" section: removed everything after the second sentence, and added a new third sentence: "Many people considered the tag to be an annoyance." {52}: last para., line 1: changed "shares an IP address" to "shares the same DNS name" (55): last para., line 1: added "is described" after "denial-of-service attack" {70}: para. 4: changed "Macromind" to "Macromedia"; also, removed the whole para. that begins "One could argue" (71 reprinted for pagebreak) (123): para. 3: added period to end of last sentence (233): 1st line of text: changed "Socket" to "Sockets" (240): 4th line from bottom: changed "RCZ" to "RC2" (241): 2nd line from bottom: changed "SL-TALK" to "SSL-TALK" {254}: in the box, removed the line beginning with "RMV" (263): end of bullet 1: changed URL to http://www.iss.net/ {318}: line 6 of code: changed "($val>10)" to "($val>9)" {423}: in table, session_id entry: changed "This field is never empty" (2nd sentence) to "The server may return an empty session_id to indicate that the session will not be cached and therefore cannot be resumed." {459}: Deleted the para. near the bottom before the ftp URL, the URL itself, and the following paragraph (on p. 460). Inserted: "You can download a 30-day trial version of the commercial package form http://www.iss.net/." at the top of p. 460. (With the URL in itals.) (486): in the last para., made the two bold sentences Roman