[Savane-dev] [bug #6694] Attaching cookies to a .domain

Sylvain Beucler Mon, 21 Aug 2006 13:52:32 -0700

Follow-up Comment #2, bug #6694 (project savane):

I wonder if using *.sys_default_domain is a safe default.


Example: imagine mirror2.fr.gna.org
Subdomains may be delegated to 3rd-parties who can't be entirely trusted.


> I even think the noticed inconsistency
> was actually on purpose (but this should
> have be mentioned in a comment in the code).

Please check your memories :)


> But session-related cookies should first check
> if the domain name is acceptable in a cookie

That, or stop specifying a domain (for the safe of simplicity).
It depends on whether it's actually safe to use subdomains "cooking".


    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?func=detailitem&item_id=6694>

_______________________________________________
  Message posté via/par Gna!
  http://gna.org/


_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev

[Savane-dev] [bug #6694] Attaching cookies to a .domain

Reply via email to