My daily readings 11/15/2011

    • The problem with the first one is obvious.  The problem with the second one is that the life-saving marrow transplant that Amit needs requires a donor with a similar genetic makeup, and South Asians are dramatically underrepresented in the registered donor pool.
    • At the time, the only way to donate marrow was to basically have someone drill holes in your bones and drain your skeleton, which kind of terrified me.  Nowadays, of course, most donations require nothing more than sitting still for a few hours with an IV watching television.  But after a lot of introspection, I decided that it was a rare occurrence in this world that you actually get to save the life of a stranger, and if skeleton-draining was the price of that, then so be it.  I was also reassured that most folks are never matched with anyone.
  • tags: Cookie Session security

    • Because the web relies on HTTP for communication, maintaining state in a web application can be particularly challenging for developers. Cookies are an extension of HTTP that were introduced to help provide stateful HTTP transactions, but privacy concerns have prompted many users to disable support for cookies. State information can be passed in the URL, but accidental disclosure of this information poses serious security risks. In fact, the very nature of maintaining state requires that the client identify itself, yet the security-conscious among us know that we should never trust information sent by the client.
    • Of particular note in this example request is that there is nothing within it that can be used to uniquely identify the client. Some developers resort to information gathered from TCP/IP (such as the IP address) for unique identification, but this approach has many problems. Most notably, a single user can potentially use a different IP address for each request (as is the case with large ISPs such as AOL), and multiple users can potentially use the same IP address (as is the case in many computer labs using an HTTP proxy). These situations can cause a single user to appear to be many, or many users to appear to be one. For any reliable and secure method of providing state, only information obtained from HTTP can be used.
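The two excerpts above make one argument: a client can only be identified reliably by something carried in the HTTP request itself (a cookie holding an unguessable session identifier), never by TCP/IP data such as the source address. The following Python is an added example written for this post, not code from the quoted article; the cookie name `SESSID`, the in-memory store, the 30-minute idle timeout and the sample addresses 203.0.113.10 and 198.51.100.7 are all assumptions made up for the demonstration. It keeps all session state server-side, hands the client only a random token, and then runs constructed traffic through both an IP-based and a cookie-based identification to show where the IP approach breaks.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_COOKIE = "SESSID"   # hypothetical cookie name, not from the article
SESSION_TTL = 1800          # assumed idle timeout in seconds

# Server-side session store: opaque id -> {"data": ..., "last_seen": ...}.
# Nothing about the user ever leaves the server; the client holds only the id.
_sessions = {}


def create_session(data, now=None):
    """Create a session; return (session_id, Set-Cookie header value)."""
    if now is None:
        now = time.time()
    # 32 random bytes from the OS CSPRNG: unguessable, so it cannot be
    # forged the way a client-chosen identifier (or an IP address) can.
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"data": dict(data), "last_seen": now}
    # HttpOnly keeps scripts away from the id, Secure keeps it off plain HTTP,
    # SameSite=Lax stops most cross-site requests from carrying it along.
    cookie = f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
    return sid, cookie


def session_from_request(headers, now=None):
    """Identify the client using only the HTTP Cookie header.

    Returns the session data, or None if there is no valid, unexpired session.
    The peer IP address is deliberately not an input to this function.
    """
    if now is None:
        now = time.time()
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    morsel = jar.get(SESSION_COOKIE)
    if morsel is None:
        return None
    entry = _sessions.get(morsel.value)   # unknown id: treat as no session
    if entry is None:
        return None
    if now - entry["last_seen"] > SESSION_TTL:
        del _sessions[morsel.value]       # expired: drop it, do not revive it
        return None
    entry["last_seen"] = now
    return entry["data"]


def demo_ip_vs_cookie(now=2000.0):
    """Constructed traffic: two users behind one proxy, one user changing IP."""
    _, cookie_a = create_session({"user": "alice"}, now=now)
    _, cookie_b = create_session({"user": "bob"}, now=now)
    a = cookie_a.split(";")[0]   # "SESSID=<id>", as the browser would echo it
    b = cookie_b.split(";")[0]
    requests = [
        ("203.0.113.10", a),   # alice via a shared proxy (constructed address)
        ("203.0.113.10", b),   # bob via the same proxy
        ("198.51.100.7", a),   # alice again, ISP handed her a new address
    ]
    by_ip = [ip for ip, _ in requests]
    by_cookie = [session_from_request({"Cookie": c}, now=now + 1)["user"]
                 for _, c in requests]
    return {"by_ip": by_ip, "by_cookie": by_cookie}
```

In `demo_ip_vs_cookie`, identification by address makes alice and bob look like one user (requests 1 and 2) while making alice look like two users (requests 1 and 3); identification by the cookie gets both right. The store here is a module-level dict purely to keep the example self-contained; a real deployment would use a server-side store that survives restarts and would regenerate the id at login to cut off session fixation.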

Posted from Diigo. The rest of my favorite links are here.
