| commit | fd015bdae0060955851708e49d35a74e4db03065 | |
| author | alech <alech@95d9436f-6502-0410-902c-bd9569d1a17e> | |
| Fri, 29 Aug 2008 09:50:15 +0000 (29 09:50 +0000) | ||
| committer | alech <alech@95d9436f-6502-0410-902c-bd9569d1a17e> | |
| Fri, 29 Aug 2008 09:50:15 +0000 (29 09:50 +0000) | ||
| tree | 0ee2f89155945266ca4d4c6c22c09f6596a28feb | treesnapshot (tar.gz zip) |
| parent | f884225f5ef913f184aa6451100149abc41d3978 | commitdiff |
Web interface: protect against "Surf Jacking" by marking the authentication cookie as secure if HTTPS is used
See http://resources.enablesecurity.com/resources/Surf%20Jacking.pdf for
more details on how this type of attack works
git-svn-id: https://openxpki.svn.sourceforge.net/svnroot/openxpki@1344 95d9436f-6502-0410-902c-bd9569d1a17e
See http://resources.enablesecurity.com/resources/Surf%20Jacking.pdf for
more details on how this type of attack works
git-svn-id: https://openxpki.svn.sourceforge.net/svnroot/openxpki@1344 95d9436f-6502-0410-902c-bd9569d1a17e
| trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/authentication/session.mhtml | diffblobblamehistory |