[Bb-trac] Re: [bbPress] #958: bbPress should implement HttpOnly Cookies to slow down XSS
bbPress
bb-trac at lists.bbpress.org
Fri Sep 5 07:07:06 GMT 2008
#958: bbPress should implement HttpOnly Cookies to slow down XSS
-------------------------------+--------------------------------------------
Reporter: _ck_ | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.0-beta & XML-RPC
Component: Back-end | Version:
Severity: normal | Resolution:
Keywords: security, cookies |
-------------------------------+--------------------------------------------
Comment (by _ck_):
It's a wonderfully simple concept and is really a matter of just appending
`.'; HttpOnly'` to the cookie domain, regardless of official PHP support or
not.
The problem is that while all modern browsers support it (and it doesn't break
any old browsers), their support is imperfect and needs improvement. But that
will be fixed over time and then users will have robust protection under
WordPress/bbPress. Even with the current state of affairs it does add some
extra security.
--
Ticket URL: <http://trac.bbpress.org/ticket/958#comment:3>
bbPress <http://bbpress.org/>
Innovative forum development
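
The workaround described in the comment above, sketched as an added example that is not part of the original message and is not bbPress code. All function names, cookie names and sample headers are hypothetical or constructed; the second function checks a raw `Set-Cookie` value for the attribute.

```php
<?php
// Added example; not bbPress code. All function names are hypothetical.

// Send a cookie carrying HttpOnly on both new and old PHP.
function example_set_httponly_cookie($name, $value, $expire, $path, $domain, $secure = false)
{
    if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
        // Native support: 7th argument of setcookie() since PHP 5.2.0.
        return setcookie($name, $value, $expire, $path, $domain, $secure, true);
    }
    if ($domain === '' || $domain === null) {
        // The workaround needs a domain to append to; refuse rather than
        // silently send the cookie without the flag.
        return false;
    }
    // Workaround from the ticket comment: the domain string is copied into the
    // header after "domain=", so the suffix becomes a separate attribute.
    return setcookie($name, $value, $expire, $path, $domain . '; HttpOnly', $secure);
}

// Return true if a raw Set-Cookie header value has HttpOnly as an attribute.
function example_has_httponly($header_value)
{
    $parts = explode(';', $header_value);
    array_shift($parts); // first part is name=value, not an attribute
    foreach ($parts as $part) {
        if (strcasecmp(trim($part), 'HttpOnly') === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample headers (cookie names and values are made up).
$samples = array(
    'sess=abc123; path=/; domain=forum.example.org; HttpOnly', // workaround result
    'sess=abc123; path=/; domain=forum.example.org',           // flag missing
    'note=HttpOnly; path=/',                                    // value only, no flag
);
foreach ($samples as $h) {
    echo (example_has_httponly($h) ? 'ok      ' : 'MISSING ') . $h . "\n";
}
```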