How Not To Design a Protocol 186
Posted
by
timothy
from the sweet-morsels-of-logged-in-ness dept.
from the sweet-morsels-of-logged-in-ness dept.
An anonymous reader writes "Google security researcher Michael Zalewski posted a cautionary tale for software engineers: amusing historical overview of all the security problems with HTTP cookies, including an impressive collection of issues we won't be able to fix. Pretty amazing that modern web commerce uses a mechanism so hacky that does not even have a proper specification."
The main thing is ... (Score:3, Funny)
Re:Analogy (Score:5, Funny)
> HTTP is like a manual lawn mower.
No it isn't. A manual lawnmower is well-designed. The Web is like a lawnmower built by Rube Goldberg out of dozens of pairs of scissors, lots of string, some boards and a child's wagon, propelled by a large dog and powered by the wagging of his tail (the cookies are to get him to wag it). It's now had a clippings bag and a fertilizer cart added following the same design principles. An automatic dandilion remover, a dethatcher, and an aerator are coming soon (and several more dogs).
Re:Analogy (Score:4, Funny)
Re:Analogy (Score:5, Funny)
am I the only one who now wants to see that built/build it myself?
Re:Analogy (Score:1, Funny)
...which smells so bad because the dog has been fed the worst dogfood, called PHP
ohhh yeah (Score:1, Funny)
A session is forever
i love your design
Re:Analogy (Score:5, Funny)
It would appear that you do not know what a manual lawnmower is.
Re:Does it work ? (Score:3, Funny)
Thank you, Captain Hindsight! What a complete failure the designers of HTTP were. They should've done it so much different! :-)