kraig wrote in dw_dev, 2009-09-07 03:52 am (UTC)

Can't speak to the ability to break out the username.domain.name bit from the code (I imagine it's possible), but there's a reason for it - it's so that people can't steal others' cookies, which use a host.domain.name format for trust. So kraig.dreamwidth.org can't see whobutdrew.dreamwidth.org's cookies with some malicious code, but dreamwidth.org/kraig can write some malicious code to see whobutdrew's cookies, if this theoretical malicious kraig could trick poor whobutdrew into visiting a page that had it. So unless you can explicitly trust all your users, I'd hold off on your plan.
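The isolation described in the comment above, modeled as an added example (not part of the original comment and not Dreamwidth's code). It assumes simplified RFC 6265 domain and path matching plus the browser same-origin rule; the cookie objects and function names are constructed for illustration, and the hostnames are the ones used in the comment.

```javascript
// Added example: simplified RFC 6265 matching plus the same-origin rule.
// Ignores HttpOnly, Secure and SameSite; cookie objects are constructed samples.

// RFC 6265 5.1.3: host equals the cookie domain or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// RFC 6265 5.1.4: request path equals the cookie path or lies beneath it.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Would the browser attach this cookie to a page at pageUrl?
function cookieVisibleTo(cookie, pageUrl) {
  const u = new URL(pageUrl);
  const hostOk = cookie.hostOnly
    ? u.hostname === cookie.domain
    : domainMatch(u.hostname, cookie.domain);
  return hostOk && pathMatch(u.pathname, cookie.path);
}

// Script on readerPage reaches the cookie if it is sent there directly, or if
// readerPage shares an origin with ownerPage (same-origin pages can script each
// other, so the Path attribute is not a security boundary).
function scriptCanReach(cookie, readerPage, ownerPage) {
  if (cookieVisibleTo(cookie, readerPage)) return true;
  return new URL(readerPage).origin === new URL(ownerPage).origin &&
    cookieVisibleTo(cookie, ownerPage);
}

function compareLayouts() {
  const sub = { domain: "whobutdrew.dreamwidth.org", hostOnly: true, path: "/" };
  const wide = { domain: "dreamwidth.org", hostOnly: false, path: "/" };
  const scoped = { domain: "dreamwidth.org", hostOnly: true, path: "/whobutdrew" };
  return {
    subdomainHostOnly: scriptCanReach(sub, "https://kraig.dreamwidth.org/", "https://whobutdrew.dreamwidth.org/"),
    subdomainDomainWide: scriptCanReach(wide, "https://kraig.dreamwidth.org/", "https://whobutdrew.dreamwidth.org/"),
    pathLayout: scriptCanReach(scoped, "https://dreamwidth.org/kraig/", "https://dreamwidth.org/whobutdrew/"),
    pathAttributeAlone: cookieVisibleTo(scoped, "https://dreamwidth.org/kraig/"),
  };
}

console.log(compareLayouts());
```

The `subdomainDomainWide` case shows that per-user hostnames only isolate cookies that are host-only; a cookie set with a site-wide Domain attribute is shared across every user subdomain.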
