
Browser cookies which help web servers alert users of potential security violations

IP.com Disclosure Number: IPCOM000014428D
Original Publication Date: 2001-Aug-01
Included in the Prior Art Database: 2003-Jun-19
Document File: 2 page(s) / 40K

Publishing Venue

IBM

Abstract

Browser cookies which help web servers alert users of potential security violations

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


This disclosure considers browser cookies and how they relate to the personal security of the web user. Browser cookies are a convenience provided to the user, but in some cases they can lead to security loopholes. First, this disclosure gives a simple overview of how cookies work. Second, it points out possible security or privacy flaws revealed by cookies. Finally, it gives a proposal for letting a user close or reduce the security exposure of cookies.

When a browser user visits a web site, the site typically inserts its own cookie into the cookie cache of the user's web browser. This cookie may be a simple marker so that the web site can greet the user by name. Or it may hold additional information, such as the user's login and password, if the user wishes. Typically, the user is given the opportunity to accept this type of cookie through a "remember this information" option. Essentially, the user has given the web site permission to plant a detailed, user-specific cookie on the user's hard drive. The next time the user visits the web site, the web server engine searches the cookie cache on the user's disk and seeks a cookie associated with itself. Browser security should not allow the web site to open and read cookies that belong to other web sites. However, this level of security does not quite please some people. There are browser plugins that automatically flush the browser's cookie cache so that no site can "snoop" on other sites' cookies. But as a result of this sweep, every time the user visits a web site, they must re-inform the web site of their identity.

One problem for people who do not automatically flush their cookie cache is that someone could break into their computer account and cause havoc with their personal accounts on e-business sites. A person could break into the user's home or office and access their unlocked computer. Once the thief has access to the computer, they simply boot it up and start the web browser. The user probably has their favorite e-commerce sites bookmarked, or the sites will be shown in the history file. The thief simply has to go to the web site, and the cookie from the hijacked computer will give the web site the incorrect impression that the owner is really visiting the site and is attempting to purchase an item. In addition, many web sites will have the user's credit card number saved in the database to save the user the effort and fear of typing in their credit card number for transmission over the interne...
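
The two paragraphs above, as an added example that is not part of the original disclosure: Python's standard `http.cookiejar` stands in for the browser's cookie cache to show that each site receives only its own cookies, and that a persistent "remember this information" cookie is still presented after the browser has been closed and reopened, which is the exposure described for an unattended machine. The host names, cookie names and cookie values are constructed for illustration.

```python
import time
import urllib.request
from http.cookiejar import Cookie, CookieJar


def make_cookie(name, value, domain, expires=None):
    """Build a cookie; expires=None makes it a session cookie (discard=True)."""
    return Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=domain, domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=False, expires=expires, discard=expires is None,
        comment=None, comment_url=None, rest={},
    )


def cookies_sent(jar, url):
    """Names of the cookies the jar would attach to a request for url."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)  # applies domain, path and expiry matching
    header = req.get_header("Cookie") or ""
    return sorted(p.split("=", 1)[0] for p in header.split("; ") if p)


def demo():
    jar = CookieJar()  # stands in for the browser's cookie cache
    in_30_days = int(time.time()) + 30 * 24 * 3600
    # Constructed sample cookies for two unrelated sites.
    jar.set_cookie(make_cookie("session", "constructed-abc", "shop.example"))
    jar.set_cookie(make_cookie("remember_me", "constructed-xyz",
                               "shop.example", expires=in_30_days))
    jar.set_cookie(make_cookie("prefs", "constructed-123",
                               "news.example", expires=in_30_days))

    before = cookies_sent(jar, "http://shop.example/checkout")
    other_site = cookies_sent(jar, "http://news.example/")
    jar.clear_session_cookies()  # browser closed; session cookies are dropped
    after = cookies_sent(jar, "http://shop.example/checkout")
    return before, other_site, after


if __name__ == "__main__":
    before, other_site, after = demo()
    print("shop.example, same browser session:", before)
    print("news.example sees only its own    :", other_site)
    print("shop.example after browser restart:", after)
```

The persistent cookie is what the site receives from whoever next opens the browser, so a site that treats it as proof of identity for purchases inherits the risk described above.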