On Feb 6, 2013, at 5:06 PM, [email protected] wrote:
>> Javascript hosted on packages.python.org has access to cookies on >> python.org, If python.org has >> any sort of login it's trivial to steal a session cookie. > > No, it doesn't. Cookies for "python.org" are not available to > "packages.python.org". > It would have to be a cookie for ".python.org". We don't issue such cookies. > > Regards, > Martin > We probably will on the new site. > > _______________________________________________ > Catalog-SIG mailing list > [email protected] > http://mail.python.org/mailman/listinfo/catalog-sig _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
