Mailinglist Archive: opensuse-buildservice (327 mails)

< Previous Next >
[opensuse-buildservice] OBS cookies bug
Hi:

The cookies that the OBS sends to browsers MUST have the "secure" flag
[1] set, and possible the "HttpOnly" flag as well.


[1]http://www.cgisecurity.com/owasp/html/ch07.html#id2857913

Cheers.

--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages