Assigned: (MODPYTHON-108) Let Cookie support new HttpOnly
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > Apache Server configuration support > Apache Mod-Python > Assigned: (MODPYTHON-108) Let Cookie support new HttpOnly




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Assigned: (MODPYTHON-108) Let Cookie support new HttpOnly  
Jim Gallacher (JIRA)


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
03-06-06 01:48 AM

[ http://issues.apache.org/jira/brows...ON-108?page=all ]

Jim Gallacher reassigned MODPYTHON-108:
---------------------------------------

Assign To: Jim Gallacher

> Let Cookie support new HttpOnly property to prevent cross-site cookie stea
ling
> --------------------------------------------------------------------------
----
>
>          Key: MODPYTHON-108
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-108
>      Project: mod_python
>         Type: Improvement
>   Components: core
>     Versions: 3.2.7, 3.1.4, 3.3
>     Reporter: Deron Meranda
>     Assignee: Jim Gallacher
>     Priority: Minor

>
> The Cookie.Cookie class does not allow the new "httponly" cookie property 
to be set.  It needs to be added to the valid slots on the cookie metaclass.
  Also note that like the "secure" cookie attribute, it is simple a boolean 
flag without any value.
> The HttpOnly flag was invented by Microsoft but seeing widespread support 
as a way to prevent cross-site scripting from stealing cookies using client-
side Javascript.  This is especially important for security-sensitive cookie
s, such as session keys.
> The mod_python session object should also explicitly set the HttpOnly prop
erty on the cookies it creates.
> See also these related references:
> 1. http://msdn.microsoft.com/workshop/...nly_cookies.asp
> 2. http://search.cpan.org/~mschout/Apa...okie
.pm
> 3. https://bugzilla.mozilla.org/show_bug.cgi?id=178993
> 4. [url]http://www.linux.com/howtos/Secure-Programs-HOWTO/cross-site-malicious-content.shtml[
/url]




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 12:53 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register