Hi

If this is the case, it looks like the perfect solution to the problem.
And I think it should be strict too.

// Ola

On Fri, 13 Mar 2020 at 10:50, Emilio Pozuelo Monfort <po...@debian.org>
wrote:

> On 12/03/2020 22:02, Brian May wrote:
> > Ola Lundqvist <o...@inguza.com> writes:
> >
> >> I have ideas on how we can reduce the attack possibilities but I cannot
> >> find any perfect solution to this.
> >
> > What about setting samesite=Lax in the session Cookie?
>
> Wouldn't you need Strict rather than Lax? Otherwise if basite.com sends a POST
> request to your phppgadmin instance, the cookie will be sent and you won't have
> fixed anything.
>
> Cheers,
> Emilio
>


-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  o...@inguza.com                    o...@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
