Q: I understand that there's a browser feature called a "cookie" that will let TrainingZONE store information on our company's computers. I'm concerned that this could compromise my privacy and security when I use the service. Is this feature dangerous? How do I turn it off?
A: Using "cookies" allows TrainingZONE to store information on your computer. And, yes, they can be used for nefarious purposes. But if you understand what they're for and how they work, you may feel more at ease with the concept.
On the World Wide Web (web), each exchange of information between a browser and a server (called a "hit") is independent of every other. The connection doesn't remain open between hits, and there's no guarantee that another one will ever be established. (For example, if your browser receives a web page containing a form, the server doesn't know if you will complete the form or jump to a completely different web site.)
However, it's often useful for the server to maintain state information within a conversation that consists of a series of hits. (For example, if you're filling out a questionnaire, subsequent questions might depend on your answers to previous ones.) The server could keep track of every client, but this isn't practical. A popular service like TrainingZONE, could getting dozens of hits every minute from all over the web! Also, the server can't know how long to retain information about each session. (You might walk away in the middle to find a document or go to lunch expecting to finish later.) Therefore, the best answer is to distribute the storage burden among the clients.
TrainingZONE uses them as it provides a way for us to keep track of what you are doing each time you use our service. Also it means, once you you've logged on to our service, if everything remains equal you will not need to log in again as our server will know who you are from your cookie.
Are cookies dangerous? That depends on how they're used. A browser limits the number of cookies it will retain and stores them on a first-in/first-out basis or until an expiration date, so there's no danger of overflowing your hard disk. And unless you're running JavaScript, the cookie can contain only information that the server already has about the client. But JavaScript does have a limited capability to put information into cookies -- for instance, a user's e-mail address. So, if you don't want such information propagated without your knowledge, turn off JavaScript. And because cookies are passed in HTTP headers, they can be used to identify individual users, even through a proxy server or firewall. If this is a concern, use a browser without them.
Browser vendors should let users turn cookies off, view the cookie database, and see the information that's being stored and retrieved in a dialog box as it happens. Then cookies will be a fine way to deal with the "stateless" architecture of the web.
|
