
Comment Re: Perhaps... (Score 1) 344

Sorry, my point was that the scheme you describe has been around for ages (nothing new to see here) but that it's too cumbersome to work in practice. Otherwise we'd see it used more often, right?

Glad you agree the entire web should be encrypted. It used to be an issue with CPU usage and then power constraints when mobile came on the scene, but we should expect to see it more and more now, especially post-Snowden.

Comment Re:Perhaps... (Score 1) 344

I first encountered the approach you describe (URL rewriting for session management) when working with BEA WebLogic about 10 years ago, but I'd say it predates that. It would kick in by default when cookies weren't enabled.

I think it worked okay, besides the ugly URLs and stuff. The issue described elsewhere around copying/pasting/sharing links or some bad person hijacking your session could be resolved by making the magic numbers "one-time only" but then you would lose your bookmarkability. Basically you will still need to log in. You'll also have to resign yourself to the fact that the user needs to log in again every time they use the back button, or otherwise enter your site some other way than through using the links that you provide. You'll probably have to rewrite all your static content too.

There's still a possibility of a hacker snooping an unencrypted HTTP session, however, and hijacking your session by sending the next URL before you do. To be honest, you could attack a user on cookies in the same way ... another scenario worth considering could be an attacker with a brief amount of access to your computer copying and pasting one of your links into an IM window.

In the scenario you describe, a good implementation would resolve all invalid rewrite links to their non-personalised variant.
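A sketch of the one-time rewrite-token scheme discussed in the comment above, added here as an example; it is not code from the commenter or from WebLogic. The parameter name `sid` and every function and class name are assumptions. It shows the trade-off the comment names: a replayed, bookmarked or shared link falls back to the non-personalised page.

```python
import secrets
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

PARAM = "sid"  # assumed name of the URL-rewrite parameter


class OneTimeSessions:
    """Server-side table of live tokens; each token is valid for one request."""

    def __init__(self):
        self._live = {}  # token -> user

    def issue(self, user):
        token = secrets.token_urlsafe(32)  # unguessable, URL-safe
        self._live[token] = user
        return token

    def redeem(self, token):
        # pop() burns the token: a second use of the same link finds nothing
        return self._live.pop(token, None)


def strip_token(url):
    """Return the non-personalised variant of a link (token removed)."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != PARAM]
    return urlunsplit(parts._replace(query=urlencode(query)))


def rewrite(url, token):
    """Return the link with the one-time token appended."""
    parts = urlsplit(strip_token(url))
    query = parse_qsl(parts.query) + [(PARAM, token)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def handle(sessions, url, links):
    """Serve one request; returns (user, page_url, links_to_emit)."""
    token = dict(parse_qsl(urlsplit(url).query)).get(PARAM)
    user = sessions.redeem(token) if token else None
    if user is None:
        # Unknown, replayed, bookmarked or shared link: anonymous page,
        # and no token is placed in any outgoing link.
        return None, strip_token(url), [strip_token(l) for l in links]
    fresh = sessions.issue(user)  # one new token for this page's links
    return user, strip_token(url), [rewrite(l, fresh) for l in links]
```

Because the token is burned on first use, whichever request presents it first gets the session, which is why the scheme still depends on an encrypted transport.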

Comment Re:Really? (Score 1) 85

Nope, 'subconscious' is a Freudian concept that refers to deeper currents of consciousness, well beyond what can be known or observable, and such phenomena as dreams are ascribed to this. Unconscious may alternatively be described as 'inattentive', i.e. something you do without being consciously aware you are doing it (e.g. something that is well practiced, such as signing your name, may be largely 'unconscious', whereas sketching a fruit-bowl might draw far more conscious resources if you are not proficient in that area).

Comment Re:Interesting study but needs replication (Score 2) 85

This simply seems like an extension of the cocktail party effect or Priming. It's not entirely new; it does show that inattentive processing can be a little more sophisticated than previously thought, but it is not a game-changer.