Customizing SMF > SMF Coding Discussion

[WIP/BETA] EU cookie law

<< < (19/48) > >>

Antechinus:
I'd love the shoot the idiots who thought this law was a good idea. ::)

nend:

--- Quote from: Arantor on May 22, 2012, 05:26:52 PM ---There's two ways to solve that problem, neither ideal - either you proxy every image and blackhole the cookies in the process, or you manually look up every image on posting and see if cookies are posted in the response and if so warn the user.

--- End quote ---

Actually you can do it with other file types too. All you need to do is call it dynamically. So if I load a file through a PHP script I can add a cookie then pass the contents.

I am guessing all that would have to be done is not allow dynamic images in post and signatures. Basically a file extension check. Currently SMF does not check the extensions in images in BBC, so adding a new rule should do the job, I think.

I am though against it and only hope if these things do make it to SMF only they do so as a optional feature. Why penalize the users who are not bound by this law. :D

Arantor:
@Ant: that would be the European Courts that decided this was a problem, and then the UK and a couple of other countries that actually implemented the rules. Wait until it goes postal with everyone getting in on the act.

@nend: Sure you can do it with other file types, but the only ones that SMF will allow dynamically included under most circumstances are images (though checking for cookies is something we might have to look at in the auto embed part of Aeva), so it's only really anything in the img tag that we have to look for.

And really, the extension means squat, I know full well that a simple rewrite rule on the destination will pretend .png or .gif is the filename instead of .php or similar.


--- Quote ---Why penalize the users who are not bound by this law.
--- End quote ---

It's only a matter of time before we all are, I fear.

emanuele:
This is a draft of a future EU regulation that involves cookies too:
http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
something that will replace the current directive.

Arantor:
That's even more incomprehensible than the current wording of the UK law itself. :/

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version