Bugzilla cookies HTTP only

Gervase Markham gerv at mozilla.org
Fri Jan 15 15:09:22 UTC 2010


On 14/01/10 16:53, Frédéric Buclin wrote:
> Le 13. 01. 10 17:37, Gervase Markham a écrit :
>> What exactly are the security benefits we get from having our cookies
>> HTTPonly?
> 
> Read bug 368502

That bug lists lots of implementation detail, but at no point (that I
can see) explains _why_ it actually increases our security. That is the
question I am asking.

The bug basically goes:

- We should do this
- Here's a patch
- Will it break anything?
- No
- Here's a fixed patch
- Checked in
- Will it break this other thing, then?
- No, it won't break that either

There's no rationale anywhere.

Gerv

_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla


More information about the developers mailing list