Comment 91 for bug 44062

In , Bugs-bmo (bugs-bmo) wrote :

(In reply to comment #84)
> If they need authorization for other servers, why not just enter the password
> on each server? And I see a workaround: they could make an iframe, in which they
> can do POSTs with form.submit() to each server (servers view referrers to
> determine whether they should authorize the request or not).

Because users hate having to enter it for each server. Consider something like Yahoo! Mail: I happen to be on us.f802.mail.yahoo.com. Should I seriously have to log in for that specific hostname when I'm already logged into Yahoo! (which happens at login.yahoo.com)?

It simply is not practical to say "well, they should all be on one hostname." Look again. That's us.f802 - knowing Yahoo!, it's not impossible that they have 802+ mail servers clustering their users' mail accounts. Different physical machines, maybe even in different data centers at times.

It would be ridiculous (although this would be an available workaround for some uses) to create an iframe, set document.domain everywhere, and proxy cookies through the iframe. Assuming document.domain doesn't affect cookies.

I don't think you realize just how many websites this would break. Especially due to "www.example.tld" vs. "example.tld". It would affect a lot of sites. You are asking for _all_ web sites to be rewritten.

> Just remember that DNS is untrusted. A DNS cache server owner can modify any
> record. And communication between the client and DNS is not secure. It means that
> we can't use it for SSL.

Sorry, but it's used for everything. I'm not saying it's trustworthy, but if your A record is wrong it won't help you much to have other records correct. If I am able to poison your A record for "dnsalias.net", then I can get to the cookies for it regardless.

Security is nice, but the boat will sink and everyone will move back to IE if users are completely ignored in its name - when other, better ways are possible where everyone can win.

-[Unknown]