
List:       kde-core-devel
Subject:    Re: Bug w/ bugzilla and loadbalancing
From:       Stephan Kulow <coolo () kde ! org>
Date:       2002-09-20 20:17:05

On Friday 20 September 2002 01:44, Dirk Mueller wrote:
> On Don, 19 Sep 2002, Daniel Naber wrote:
> > > But I feel unsafe in changing that. Could someone explain?
> >
> > http://bugzilla.mozilla.org/show_bug.cgi?id=20122
> > So long actually that I didn't read it :-)
>
> Read it. Basically it's just a security measure against a cookie stealing
> attack.
>
> There is a patch for this case attached to the bug report but it doesn't
> seem to be optimal. At least not clean enough for committing it.
Right. My fix would be to put the IP in the cookie path. That would solve
the actual problem that your cookie for IP A goes away as soon as IP B
appears. Of course you still had to relogin on IP change.

But as no one even noted it in 20122 I wonder if it's completely bogus :)

Greetings, Stephan

