Roundup Tracker - Issues

Issue 2550689

classification
Title: Cookie security
Type: security
Severity: normal
Components: Web interface
Versions: 1.4

process
Status: new
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: joseph_myers
Priority:
Keywords:

Created on 2011-02-22 20:07 by joseph_myers, last changed 2011-02-22 20:07 by joseph_myers.

Messages
msg4245 Author: joseph_myers Date: 2011-02-22 20:07
When the configured URL for a Roundup tracker is an https: URL,
Roundup's cookies should be marked Secure so they do not get sent back
over non-https connections.

Roundup's cookies should also be marked HttpOnly so that any
cross-site-scripting vulnerabilities do not result in cookies being
compromised.

History
Date                 User          Action  Args
2011-02-22 20:07:34  joseph_myers  create
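
An added example, not part of the original issue and not Roundup's own code: one way to produce the cookie attributes requested in msg4245 with Python's standard `http.cookies` module, plus a check that reports which of the requested flags a `Set-Cookie` value lacks. The function names, cookie name, value and tracker URLs are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def _is_https(tracker_url):
    """True when the configured tracker URL uses the https scheme."""
    return urlsplit(tracker_url).scheme.lower() == "https"


def build_session_cookie(tracker_url, name, value):
    """Return a Set-Cookie header value for a tracker configured at tracker_url."""
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    # Scope the cookie to the tracker's own path.
    morsel["path"] = urlsplit(tracker_url).path or "/"
    # HttpOnly: page scripts cannot read the cookie via document.cookie,
    # so an XSS bug does not directly expose the session value.
    morsel["httponly"] = True
    # Secure only when the tracker is configured with an https: URL.
    # On a plain-http tracker the browser would never send a Secure
    # cookie back, which would break logins.
    if _is_https(tracker_url):
        morsel["secure"] = True
    return morsel.OutputString()


def missing_flags(set_cookie_value, tracker_url):
    """Return the flags the issue asks for that this header value lacks."""
    # Everything after the first ';' is an attribute; names are case-insensitive.
    attrs = {
        part.strip().split("=", 1)[0].lower()
        for part in set_cookie_value.split(";")[1:]
    }
    wanted = ["httponly"]
    if _is_https(tracker_url):
        wanted.append("secure")
    return [flag for flag in wanted if flag not in attrs]


if __name__ == "__main__":
    url = "https://tracker.example/demo/"  # constructed sample URL
    print(build_session_cookie(url, "tracker_session_demo", "abc123"))
    # A header without either flag, as the issue describes the current state:
    print(missing_flags("tracker_session_demo=abc123; Path=/demo/", url))
```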