Re: Secure Cookies

This WebDNA talk-list message is from 2008. It keeps the original formatting.
numero = 70152
interpreted = N
texte = It's all in the RFC:

Basically you should just have to add "&secure=" to your SETCOOKIE tag, but WebDNA doesn't seem to add the attribute, so you have to use a simple hack instead: add the text "; to your value parameter, like

[SETCOOKIE name=mySecureCookie2&value=Hello!; secure&domain=www.mydomain.com]

Best,
Christer

*************************************************************
Christer Olsson    PO Box 9160       Phone +46 40 25 85 85
Ljusa Idéer AB     SE-200 39 Malmo   Fax +46 40 25 85 89
Kantyxegatan 5     Sweden            http://www.ljusaideer.se

On 15 Apr 2008 at 01:00, Stuart Tremain wrote:

> Any ideas on the cookies ????
>
> Regards
>
> Stuart Tremain
> IDFK Web Developments
> AUSTRALIA
> webdna@idfk.com.au
>
> On 12/04/2008, at 7:24 AM, Stuart Tremain wrote:
>> I have had a hacker safe report about a site that returns a
>> vulnerability:
>> "Missing Secure Attribute in an Encrypted Session (SSL) Cookie"
>>
>> Is there a secure switch in the WebDNA [SetCookie] ?
>>
>> Or would I just put :443 on the end of the domain ?
>>
>> Regards
>>
>> Stuart Tremain
>> IDFK Web Developments
>> AUSTRALIA
>> webdna@idfk.com.au
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to
>> Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  23. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  24. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  27. Re: [WebDNA] Secure Cookies (Govinda 2009)
  28. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  29. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  30. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  31. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  32. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  33. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  34. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  35. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  36. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  37. [WebDNA] Secure Cookies (Stuart Tremain 2009)
  38. Re: Secure Cookies (Stuart Tremain 2008)
  39. Re: Secure Cookies (Christer Olsson 2008)
  40. Re: Secure Cookies (Stuart Tremain 2008)
  41. Secure Cookies (Stuart Tremain 2008)
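A check for whether the workaround in the message above actually put a Secure attribute on the wire, added here as an example and not part of the original post or of WebDNA. The header lines are constructed samples; the exact Set-Cookie text WebDNA emits, including the case where the server percent-encodes the cookie value, is an assumption.

```python
import re
from urllib.parse import unquote

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = header.split(";")
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            # Attribute names are compared case-insensitively.
            attrs[key.lower()] = val
    return name.strip(), value.strip(), attrs

def audit(header):
    """Classify a cookie as 'ok', 'encoded' or 'missing'.

    'ok'      : the browser will see a real Secure attribute.
    'encoded' : "; secure" was written into the value but the server
                percent-encoded it, so it is data, not an attribute.
    'missing' : no trace of Secure at all (the scanner finding).
    """
    _, value, attrs = parse_set_cookie(header)
    if "secure" in attrs:
        return "ok"
    if re.search(r";\s*secure\b", unquote(value).lower()):
        return "encoded"
    return "missing"

# Constructed sample headers (values after "Set-Cookie: ").
SAMPLES = [
    "mySecureCookie2=Hello!; secure; domain=www.mydomain.com; path=/",
    "mySecureCookie2=Hello!%3B%20secure; domain=www.mydomain.com; path=/",
    "mySecureCookie2=Hello!; domain=www.mydomain.com; path=/",
    "session=abc123; Path=/; Secure; HttpOnly",
]

def audit_all(headers):
    """Return (cookie name, verdict) for each header line."""
    return [(parse_set_cookie(h)[0], audit(h)) for h in headers]

if __name__ == "__main__":
    for name, verdict in audit_all(SAMPLES):
        print(f"{name}: {verdict}")
```

Run it against the headers captured from the HTTPS response after applying the workaround; an "encoded" verdict means the value was escaped and the scanner finding will persist.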
