Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
With a little reflection I should have guessed that the HTTP request- and response-parameters are involved. This is proof of the harm that Web-application-frameworks do to a developer's brain. 10 years after and I have still not recovered.
Astonish me and tell me how a PHP-generated web-page creates cookies. At this moment, I know nothing about it and really need to learn this.
When the web-page creates cookies, it is already loaded in a browser. I cannot see what else but JavaScript would be able to do anything “dynamic” at this moment. PHP will most certainly create the JavaScript which is shipped along with the generated HTML, as do any other Web-Application frameworks, like jsp, faces, rails, sinatra... etc.
You should be using uMatrix instead of NoScript, then you'd see that cookies are not dependent on javascript.
No offense, but a sentence like "PHP will most certainly create the JavaScript which is shipped along with the generated HTML" is nonsense.
Plenty web pages come completely without javascript, plenty PHP that does not create any javascript at all.
PHP creates the page - and, if so configured, the cookie - in the moment it is requested from the client.
It is server side scripting. Do you know the difference between that and client-side scripting (e.g. javascript)?
Quote:
Originally Posted by Michael Uplawski
I only hope that they know what they are doing.
Sounds like a case of people in charge having no clue about how the internet works, resulting in completely blue-eyed outsourcing.
Always disable Third-Party Cookies - they have no value to you, whilst allowing malicious entities to spy on your activities and interests.
uMatrix and/or Privacy Badger both make it easy to conditionally allow such cookies when you're dealing with websites written by incompetent developers.
Do you know the difference between that and client-side scripting (e.g. javascript)?
As I had ignored the possibility to include all key/value pairs in request- and response, my misunderstanding was much heavier than that. But the resolution is also simpler.
Cookies can't infect computers with viruses or other malware. However, some cyberattacks can hijack cookies and enable access to your browsing sessions.
Cookies can't infect computers with viruses or other malware. However, some cyberattacks can hijack cookies and enable access to your browsing sessions.
Cyberattacks, he?
You should care about who sets a cookie on which site (and why in hell, as they have nothing in common) and to what purpose. If you cannot find the answer, it is probably best to disable cookies.
If you disable cookies in most web browsers then some pages wont load. More and more cloudflare sites are like that. I've tried to load pages that post "Go Away" if you don't have scripts and cookies enabled. That's because you are keeping them from making money.
I even had one the other day that curl would not get the source for. But it would load in a browser with cookies enabled.
Disabling third-party cookies only causes issues in rare situations, (and can be used as an indicator of how much you should/shouldn't trust a website/company - and again, uMatrix and/or Privacy Badger are useful tools for dealing with those situations).
Any site that wants search engines to spider them cannot stop people accessing it - because any blocks they put in place can be bypassed by making oneself look like a bot.
Disabling third-party cookies only causes issues in rare situations, (and can be used as an indicator of how much you should/shouldn't trust a website/company - and again, uMatrix and/or Privacy Badger are useful tools for dealing with those situations).
Fully agree: a whitelist approach is the safest and sanest thing to do when browsing the WWW of 2020...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.