one thing is for sure now: only the httponly cookie flag could save one from harm, i.e. from xss cookie theft using javascript's document.cookie property.
even a "secure" cookie sent via https can be forwarded to and be read as plain text by another server with this simple method, no matter whether an unencrypted or secure exploit channel is used.
so i'll wait and see what happens first: restricted html in antville.org postings or httponly in all popular browsers...
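an added example, not part of the original post: a small model of which cookies page script can read through document.cookie, showing that the secure flag alone leaves a cookie readable while httponly hides it. the function names and the sample Set-Cookie values are constructed for illustration, and path, domain and expiry matching are left out.

```javascript
// added example: models which cookies page script can read via document.cookie.
// all header values below are constructed sample data.

// parse one Set-Cookie header value into { name, value, secure, httpOnly }
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(p => p.length > 0);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // this sketch skips headers without a name=value pair
  const cookie = {
    name: first.slice(0, eq).trim(),
    value: first.slice(eq + 1).trim(),
    secure: false,
    httpOnly: false,
  };
  for (const attr of parts) {
    const key = attr.split('=')[0].trim().toLowerCase(); // attribute names are case-insensitive
    if (key === 'secure') cookie.secure = true;
    if (key === 'httponly') cookie.httpOnly = true;
  }
  return cookie;
}

// the string document.cookie would hand to script on a page loaded over pageScheme
function scriptVisibleCookies(headers, pageScheme) {
  return headers
    .map(parseSetCookie)
    .filter(c => c !== null)
    .filter(c => !c.httpOnly)                         // httponly: never exposed to script
    .filter(c => !c.secure || pageScheme === 'https') // secure: only restricts the transport
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// audit helper: names of cookies that script on the page could read
function missingHttpOnly(headers) {
  return headers.map(parseSetCookie).filter(c => c && !c.httpOnly).map(c => c.name);
}

const sampleHeaders = [ // constructed
  'session=abc123; Path=/; Secure',
  'auth=def456; Path=/; Secure; HttpOnly',
  'theme=dark; Path=/',
];
```

run over the response headers of a site, missingHttpOnly lists the cookies worth fixing first; here the secure-only session cookie is on that list.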
netscape mozilla is screwing up again.
“No One Has Yet Proven That It is Better to Be Than Not to Be.”
shorter is longer, better is better.
w00t! (and now seal the national borders.)
bass girls international. (unfortunately, missing britta phillips.)
This means nothing to me. Oh, Vienna.
large hadrom nom nom nom collider!
d-orf.at LOL.