On 06/08/2010 05:04 PM, Devdatta wrote:
> Why not hash the auth with a salt and then send H(nonce,auth token) to
> the server? Thus the server, if the auth token is really important, can
> generate them if needed - but the attacker can't easily generate the
> auth token back from the data in report-uri.
This could work for auth, but not for cookies since the value of the cookies isn't predictable by the server. My impression is that the cookies would be more useful in debugging what went wrong on a site than the auth, so I'd be interested to see if there's something we can do there.

Storing the report-uri in well-known might work (as Adam suggested), but that splits the policy into two locations. Would a policy referenced via policy-uri be safe enough to not suppress auth and cookie data? If so, maybe we could redact it when sending reports for policies where report-uri is in the HTTP header, and not when it's in an external policy file.

-Sid

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
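As an added illustration of the two points above (Devdatta's H(nonce, auth token) redaction and Sid's objection that it does not help for cookies), here is example code written for this page; it is not from either poster nor from Mozilla's CSP implementation. The sample request headers, the per-report nonce, HMAC-SHA256 as the concrete H, and the site's list of issued tokens are all constructed assumptions.

```python
"""Keyed-hash redaction of credential headers in a CSP violation report.

Browser side: replace the raw Authorization and Cookie values with
H(nonce, value) before posting to report-uri.  Site side: a server that
already holds the candidate values can match the digest; anyone else who
obtains the report cannot invert it.  The cookie case shows the limit:
the site cannot enumerate the full Cookie string the browser built.
"""
import hashlib
import hmac
import secrets

# Constructed sample request headers (not taken from any real report).
SAMPLE_REQUEST_HEADERS = {
    "Host": "example.test",
    "Authorization": "Basic YWxpY2U6aHVudGVyMg==",
    "Cookie": "sessionid=3f2a9c8d17; theme=dark",
}

# Headers whose raw values should never leave the browser in a report.
SENSITIVE_HEADERS = ("Authorization", "Cookie")


def keyed_digest(nonce, value):
    """H(nonce, value), realised here as HMAC-SHA256 (an assumption; the
    thread only says 'hash with a salt')."""
    return hmac.new(nonce, value.encode("utf-8"), hashlib.sha256).hexdigest()


def redact_headers(headers, nonce=None):
    """Browser side: swap sensitive header values for keyed digests.

    A fresh per-report nonce stops an attacker from precomputing digests of
    guessed credentials once and reusing them across many reports.  Returns
    (nonce, redacted_headers) so the nonce can travel with the report.
    """
    if nonce is None:
        nonce = secrets.token_bytes(16)
    redacted = {}
    for name, value in headers.items():
        if name in SENSITIVE_HEADERS:
            redacted[name] = keyed_digest(nonce, value)
        else:
            redacted[name] = value
    return nonce, redacted


def recover_value(nonce, digest, candidates):
    """Site side: find which known value produced the digest, if any.

    Only works when the site can enumerate the plausible values (e.g. the
    auth tokens it issued).  compare_digest keeps the match constant-time.
    """
    for candidate in candidates:
        if hmac.compare_digest(keyed_digest(nonce, candidate), digest):
            return candidate
    return None


if __name__ == "__main__":
    nonce, redacted = redact_headers(SAMPLE_REQUEST_HEADERS)
    print("report carries:", redacted)

    # The site knows every Authorization value it issued, so it can match.
    issued_tokens = ["Basic Ym9iOnBhc3N3b3Jk", "Basic YWxpY2U6aHVudGVyMg=="]
    print("auth recovered:",
          recover_value(nonce, redacted["Authorization"], issued_tokens))

    # The site knows its session ids, but not the whole Cookie header the
    # browser assembled (other cookies, ordering), so matching fails.
    known_sessions = ["sessionid=3f2a9c8d17"]
    print("cookie recovered:",
          recover_value(nonce, redacted["Cookie"], known_sessions))
```

The digest is taken over the whole Cookie header, which is what a report would carry; unless the site can reconstruct that exact string, including cookies it did not set, the redacted value is useless for debugging, which is the gap Sid describes.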