Practical Internet Groupware

by Jon Udell
October 1999
Content level: Beginner
521 pages
15h 28m
English
O'Reilly Media, Inc.

Using Cookies to Authorize Access

Although cookies have become a major Internet cause célèbre, there really isn’t much difference between name/password-based and cookie-based authorization. In both cases, the browser transmits credentials to the server by way of an HTTP header—it’s either HTTP_AUTHORIZATION or HTTP_COOKIE. In both cases, security is weak when credentials travel over an unencrypted connection and much stronger when the data is encrypted with SSL. In both cases, authentication can persist so that users need not repeatedly assert their identities. The chief advantage of the cookie method is also its worst public-relations problem: cookies persist across browser sessions. (With basic authentication, credentials persist only during a session.) A cookie enables a server to recognize a user and authorize access automatically, without any input from the user. In order to do that, cookie data has to live on your hard disk. We’ll review what that data is, how it gets onto your hard disk, and how it can be used. But first let’s frame this volatile issue with a few observations:

Any form of authentication does away with anonymity.

Large areas of the Internet are open to anonymous use and will likely remain so. Groupware, though, is about relationships, and relationships are based on identity. If you choose to participate in a groupware application—on a public Internet site that serves 300,000 magazine subscribers or on an intranet server that hosts a team of a dozen collaborators—you ...
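The two credential paths described in this section, as an added example that is not code from the book: a server-side check that reads either `HTTP_AUTHORIZATION` or `HTTP_COOKIE` from a CGI-style environment, plus a `Set-Cookie` builder whose `Max-Age` is what makes the cookie persist across browser sessions. The cookie name `auth`, the HMAC-signed `user.signature` value, the key `SECRET`, and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: server-side signing key, never sent to clients


def _sign(user):
    """HMAC over the user name so a client cannot mint a cookie for another user."""
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, max_age=30 * 24 * 3600, secure=True):
    """Return a Set-Cookie header value. Max-Age makes the cookie outlive the
    browser session; Secure restricts it to SSL/TLS connections."""
    jar = SimpleCookie()
    jar["auth"] = f"{user}.{_sign(user)}"
    morsel = jar["auth"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if max_age is not None:      # None yields a session-only cookie
        morsel["max-age"] = max_age
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


def user_from_environ(environ, check_password):
    """Return (user, method) from whichever credential header is present,
    or (None, None) if neither header carries valid credentials."""
    auth = environ.get("HTTP_AUTHORIZATION", "")
    if auth.startswith("Basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError:       # malformed base64 or non-UTF-8 bytes
            return None, None
        user, _, password = decoded.partition(":")
        return (user, "basic") if check_password(user, password) else (None, None)

    jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    if "auth" in jar:
        user, _, sig = jar["auth"].value.rpartition(".")
        # Constant-time comparison of the presented and expected signatures.
        if user and hmac.compare_digest(sig.encode(), _sign(user).encode()):
            return user, "cookie"
    return None, None
```
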

ISBN: 1565925378