<h1>About this program</h1>
-<p>This is Chopwood version ~={version}H. It's a tool which lets users
-edit their passwords for services such as email, and web proxies, using
-a variety of interfaces. This is the CGI interface, but there are many
-others.
+<p>This is Chopwood version ~={version}H. It’s a tool which lets
+users edit their passwords for services such as email, and web proxies,
+using a variety of interfaces. This is the CGI interface, but there are
+many others.
<h2>Source code</h2>
<h2>What do you need this cookie for?</h2>
-<p>The cookie contains a token which tells the server that you've logged in
-properly. We could have chosen to use a hidden form field to carry this
-token about, but that causes other trouble.
+<p>The cookie contains a token which tells the server that you’ve
+logged in properly. We could have chosen to use a hidden form field to
+carry this token about, but that causes other trouble.
<p>For example, if we used <b>GET</b> requests then the token would appear as
part of a URL, where it would end up being written in the location bar of
is kind of long and ugly.
<p>We could avoid this problem by using <b>POST</b> requests everywhere, but
-that causes other trouble. In particular, you'd get that annoying
+that causes other trouble. In particular, you’d get that annoying
<blockquote>
The page that you’re looking for used information that you
entered. Returning to hat page might cause any action that you took to be
</blockquote>
message whenever you hit the reload button.
-<h2>What's in this cookie?</h2>
+<h2>What’s in this cookie?</h2>
<p>If you actually look at the cookie, you find that it looks something like
this:
request forgery</em></a> attacks.
<dt>Tag
-<dd>This is a cryptographic check that the other parts of the token haven't
-been modfied by an attacker.
+<dd>This is a cryptographic check that the other parts of the token
+haven’t been modfied by an attacker.
<dt>User name
<dd>Your user name, in plain text.
</dl>
-<h2>How do I know you're not using this as part of some hideous behavioural
-advertising scheme?</h2>
+<h2>How do I know you’re not using this as part of some hideous
+behavioural advertising scheme?</h2>
-<p>That's tricky. I could tell you that this program is
+<p>That’s tricky. I could tell you that this program is
<a href='http://www.gnu.org/philosophy/free-sw.html'>free software</a>, and
that you can
<a href="~={script}H/~={package}H-~={version}H.tar.gz">">download its
source code</a> and check for yourself.
-<p>That's true, except that it shouldn't do much to convince you that this
-server is actually running the code it claims to be. And anyway, Chopwood
-itself represents only one of many bits of software which could be keeping
-track of you somehow through this cookie.
+<p>That’s true, except that it shouldn’t do much to convince
+you that this server is actually running the code it claims to be. And
+anyway, Chopwood itself represents only one of many bits of software
+which could be keeping track of you somehow through this cookie.
<p>So, really, it comes down to trust. Sorry.
~mdw / chopwood / commitdiff