Re: gnatsweb/91: Bad security with cookie
From: yngves
Subject: Re: gnatsweb/91: Bad security with cookie
Date: 19 Aug 2001 21:21:51 -0000
Synopsis: Bad security with cookie
State-Changed-From-To: analyzed->closed
State-Changed-By: yngves
State-Changed-When: Sun Aug 19 14:21:51 2001
State-Changed-Why:
Two changes made to Gnatsweb 4:
- username and password are camouflaged in the db_prefs cookie.
- Added a configuration variable which makes Gnatsweb use only temporary
cookies for db_prefs, i.e. cookies that aren't stored on disk and which are
deleted when the user exits the browser.
The first measure provides very limited security, but the second one makes
things genuinely safer, although it makes things slightly less convenient for
users.
http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view&pr=91&database=gnats