Bugzilla cookies HTTP only
Max Kanat-Alexander
mkanat at bugzilla.org
Fri Jan 15 21:44:39 UTC 2010
On 01/13/2010 08:37 AM, Gervase Markham wrote:
> What exactly are the security benefits we get from having our cookies
> HTTPonly?
> [snip]
I tell ya what--get dveditz or Jesse to weigh in on this; we're not as
much security experts as they are.

At the least, Bugzilla_login can have httponly removed--only
Bugzilla_logincookie is actually sensitive.

-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.