Bugzilla cookies HTTP only
Gervase Markham
gerv at mozilla.org
Fri Jan 15 15:09:22 UTC 2010
On 14/01/10 16:53, Frédéric Buclin wrote:
> Le 13. 01. 10 17:37, Gervase Markham a écrit :
>> What exactly are the security benefits we get from having our cookies
>> HTTPonly?
>
> Read bug 368502
That bug lists lots of implementation detail, but at no point (that I
can see) explains _why_ it actually increases our security. That is the
question I am asking.
The bug basically goes:
- We should do this
- Here's a patch
- Will it break anything?
- No
- Here's a fixed patch
- Checked in
- Will it break this other thing, then?
- No, it won't break that either
There's no rationale anywhere.
Gerv
_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla
More information about the developers
mailing list