Re: gnatsweb/91: Bad security with cookie

gnats-prs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnatsweb/91: Bad security with cookie

From:	yngves
Subject:	Re: gnatsweb/91: Bad security with cookie
Date:	19 Aug 2001 21:21:51 -0000

Synopsis: Bad security with cookie

State-Changed-From-To: analyzed->closed
State-Changed-By: yngves
State-Changed-When: Sun Aug 19 14:21:51 2001
State-Changed-Why:
    Two changes made to Gnatsweb 4:
    - username and password are camouflaged in the db_prefs cookie.
    - Added a configuration variable which makes Gnatsweb use only temporary 
cookies for db_prefs, i.e. cookies that aren't stored on disk and which are 
deleted when the user exits the browser.
    
    The first measur provides very limited security, but the second one makes 
things genuinely safer, although it makes things slightly less convenient for 
users.

http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view&pr=91&database=gnats

[Prev in Thread]

Current Thread

[Next in Thread]

Re: gnatsweb/91: Bad security with cookie, yngves, 2001/08/16
- Re: gnatsweb/91: Bad security with cookie, yngves <=

Prev by Date: Re: gnatsweb/228: Internal Server Error when "submit edit"
Next by Date: Re: gnats/151: v4 documentation should state that GNU make is required
Previous by thread: Re: gnatsweb/91: Bad security with cookie
Next by thread: Re: gnatsweb/81: using lynx for gnatsweb login is broken
Index(es):
- Date
- Thread