WebApp Sec mailing list archives

Re: [WEB SECURITY] Fundamental error in Corsaire's paper?


From: "Brian Eaton" <eaton.lists () gmail com>
Date: Fri, 28 Apr 2006 11:38:59 -0400

Interesting discussion, thanks to those participating.  I do want to
point out that in most cases cookie paths are used for functional
reasons and not as a security measure.  It would be a shame for
someone to read this thread and somehow conclude that cookie paths are
evil.

Someone who wants to set a particular cookie path so their application
works properly shouldn't hesitate to do so.

Someone who wants to set a particular cookie path as a security
measure probably needs to think a bit more about their threat model.

Regards,
Brian
