WebApp Sec mailing list archives
Re: Reviewing security parameters
From: Jared <jared () geek-boy com>
Date: Fri, 16 Apr 2004 17:34:29 -0400
On Apr 16, 2004, at 3:01 PM, V. Poddubniy wrote:
Don't forget to set cookie as HttpOnly (this is useful at least for users of IE 6 SP1). This will tell browser not to tell on-page scrips (javascript, etc.) the cookie.
how does one do this? I was under the impression that you could set a cookie to only be sent via HTTPS/SSL, but not with any other restrictions.
Is this a feature that is unique to a particular web application environment, i.e. ASP.Net, PHP, JSP?
cheers, - Jared -- Happiness is a warm laptop.
Current thread:
- Reviewing security parameters Simon Lemieux (Apr 16)
- Re: Reviewing security parameters Ilya Sher (Apr 16)
- RE: Reviewing security parameters V. Poddubniy (Apr 16)
- Re: Reviewing security parameters Jared (Apr 16)
- Re: Reviewing security parameters Matt Summers (Apr 16)
- Re: Reviewing security parameters Jared (Apr 16)
- Re: Reviewing security parameters exon (Apr 16)
- Follow-up: Reviewing security parameters Simon Lemieux (Apr 17)
- Message not available
- Re: Follow-up: Reviewing security parameters Simon Lemieux (Apr 21)
- Message not available
- <Possible follow-ups>
- RE: Reviewing security parameters Pitts, Christopher C. (Apr 16)
- RE: Reviewing security parameters Scovetta, Michael V (Apr 16)
- RE: Reviewing security parameters Auri A. Rahimzadeh (Apr 16)