Follow-up Comment #3, bug #6694 (project savane):
> I wonder if using *.sys_default_domain is a safe default.
>
> Example: imagine mirror2.fr.gna.org
> Subdomains may be delegated to 3rd-parties who can't be entirely trusted.
Hard to tell. It depends how you manage your stuff. So far, at gna.org, we
have not sites outside our control with *.gna.org domain.
> That, or stop specifying a domain (for the safe of simplicity).
> It depends on whether it's actually safe to use subdomains
> "cooking".
We definitely need session cookies to be available at some other sites like
mail.gna.org. So we must keep specifying a domain anyway.
If someone have the case where *.domain.org should not be trusted, then we
would have to think of a way to restrict this.
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?func=detailitem&item_id=6694>
_______________________________________________
Message posté via/par Gna!
http://gna.org/
_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev
