Re: Secure Cookies

This WebDNA talk-list message is from 2008. It keeps the original formatting.
Thanks Christer :)

Regards

Stuart Tremain
IDFK Web Developments
AUSTRALIA
webdna@idfk.com.au

On 15/04/2008, at 3:35 PM, Christer Olsson wrote:

> It's all in the RFC:
>
> Basically you should just have to add "&secure=" to your SETCOOKIE
> tag, but WebDNA doesn't seem to add the attribute, so you have to
> use a simple hack instead: add the text "; to your value parameter,
> like
>
> [SETCOOKIE name=mySecureCookie2&value=Hello!; secure&domain=www.mydomain.com]
>
> Best,
> Christer
>
> *************************************************************
> Christer Olsson    PO Box 9160        Phone +46 40 25 85 85
> Ljusa Idéer AB     SE-200 39 Malmo    Fax +46 40 25 85 89
> Kantyxegatan 5     Sweden             http://www.ljusaideer.se
>
> On 15 Apr 2008, at 01:00, Stuart Tremain wrote:
>> Any ideas on the cookies ????
>>
>> Regards
>>
>> Stuart Tremain
>> IDFK Web Developments
>> AUSTRALIA
>> webdna@idfk.com.au
>>
>> On 12/04/2008, at 7:24 AM, Stuart Tremain wrote:
>>> I have had a hacker safe report about a site that returns a
>>> vulnerability:
>>> "Missing Secure Attribute in an Encrypted Session (SSL) Cookie"
>>>
>>> Is there a secure switch in the WebDNA [SetCookie] ?
>>>
>>> Or would I just put :443 on the end of the domain ?
>>>
>>> Regards
>>>
>>> Stuart Tremain
>>> IDFK Web Developments
>>> AUSTRALIA
>>> webdna@idfk.com.au
>>>
>>> -------------------------------------------------------------
>>> This message is sent to you because you are subscribed to
>>> the mailing list .
>>> To unsubscribe, E-mail to:
>>> To switch to the DIGEST mode, E-mail to
>>> Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  2. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  3. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  4. Re: [WebDNA] Secure Cookies (Brian Harrington 2020)
  5. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  6. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  7. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  8. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  9. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  10. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  11. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  12. Re: [WebDNA] Secure Cookies (christophe.billiottet@webdna.us 2020)
  13. Re: [WebDNA] Secure Cookies (Stuart Tremain 2020)
  14. Re: [WebDNA] Secure Cookies (Tom Duke 2020)
  15. RE: [WebDNA] Secure Cookies ("Scott @ Itsula" 2020)
  16. [WebDNA] Secure Cookies - Further reading (Stuart Tremain 2020)
  17. [WebDNA] Secure Cookies (Stuart Tremain 2020)
  18. Re: [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  19. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (Tom Duke 2013)
  20. Re: [WebDNA] Secure cookies (HttpOnly/Secure) (WebDNA 2013)
  21. [WebDNA] Secure cookies (HttpOnly/Secure) ("Dan Strong" 2013)
  22. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  23. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  24. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  25. Re: [WebDNA] Secure Cookies (Tom Duke 2009)
  26. Re: [WebDNA] Secure Cookies (Frank Nordberg 2009)
  27. Re: [WebDNA] Secure Cookies (Govinda 2009)
  28. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  29. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  30. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  31. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  32. Re: [WebDNA] Secure Cookies (Donovan Brooke 2009)
  33. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  34. Re: [WebDNA] Secure Cookies ("Terry Wilson" 2009)
  35. Re: [WebDNA] Secure Cookies (Stuart Tremain 2009)
  36. Re: [WebDNA] Secure Cookies (William DeVaul 2009)
  37. [WebDNA] Secure Cookies (Stuart Tremain 2009)
  38. Re: Secure Cookies (Stuart Tremain 2008)
  39. Re: Secure Cookies (Christer Olsson 2008)
  40. Re: Secure Cookies (Stuart Tremain 2008)
  41. Secure Cookies (Stuart Tremain 2008)
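
Added example, not part of the original thread: a small Python check of the kind the scan report in the message above implies, which parses Set-Cookie values and lists the cookies that lack the Secure attribute. The header strings are constructed and assume how the [SETCOOKIE] tags discussed in the thread would render; `parse_set_cookie` and `missing_secure` are names chosen here.

```python
# Added example: audit Set-Cookie header values for the Secure attribute.
# The header strings below are constructed samples, not captured WebDNA output.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so "secure" == "Secure".
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_secure(header_values):
    """Return the names of cookies whose Set-Cookie value lacks Secure."""
    flagged = []
    for hv in header_values:
        name, _value, attrs = parse_set_cookie(hv)
        if "secure" not in attrs:
            flagged.append(name)
    return flagged


# Constructed samples (assumed rendering of the tags discussed in the thread).
SAMPLES = [
    # Plain cookie with no Secure attribute: the case the scanner flagged.
    "mySecureCookie1=Hello!; domain=www.mydomain.com",
    # Value ending in "; secure": the appended text is read as an attribute.
    "mySecureCookie2=Hello!; secure; domain=www.mydomain.com",
    # ":443" appended to the domain: there is still no Secure attribute.
    "mySecureCookie3=Hello!; domain=www.mydomain.com:443",
]

if __name__ == "__main__":
    for hv in SAMPLES:
        print(parse_set_cookie(hv))
    print("Missing Secure:", missing_secure(SAMPLES))
```
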
