On Feb 6, 2013, at 6:41 PM, Richard Jones <[email protected]> wrote:
> On 7 February 2013 09:55, Donald Stufft <[email protected]> wrote: >> http://en.wikipedia.org/wiki/Session_fixation >> >> packages.python.org can set a .python.org cookie which www.python.org will >> read. > > Damn, cookies are busted :-( > > At least secure cookies are safe, right? Right? Ugh, probably not. > > So the only real solution is the one you use, which is to set up the > unsafe content on a separate domain. Easy enough, even I can buy > domains ;-) > > I hear read the docs is popular ;) > Richard > _______________________________________________ > Catalog-SIG mailing list > [email protected] > http://mail.python.org/mailman/listinfo/catalog-sig _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
