[Cosmo-dev] CosmoCred cookie being sent on wire
Jared Rhine
jared at wordzoo.com
Tue May 15 14:29:44 PDT 2007
While cruising the logs on hub.chandlerproject.org, I noted that the
"CosmoCred" cookie is being sent to the server. The contents of this
cookie are security-sensitive (contains the unencrypted password), and
thus is a security risk in certain situations.
I've filed a bug:
https://bugzilla.osafoundation.org/show_bug.cgi?id=9149
to which I've attached a proposed patch.
I am not planning to update our production servers with this change, but
it's a must-have for Cosmo 0.7 and a should-have if any Cosmo 0.6.1.1 is
released.
-- Jared