[Bb-trac] Re: [bbPress] #577: bbPress/Wordpress domain name parsing
silent failure
bbPress
bb-trac at lists.bbpress.org
Tue Dec 4 12:04:22 GMT 2007
#577: bbPress/Wordpress domain name parsing silent failure
----------------------------------+-----------------------------------------
Reporter: sambauers | Owner: sambauers
Type: defect | Status: assigned
Priority: low | Milestone: 1.0
Component: Installation/Upgrade | Version: 0.8
Severity: minor | Resolution:
Keywords: wordpress |
----------------------------------+-----------------------------------------
Changes (by sambauers):
* owner: => sambauers
* status: new => assigned
Comment:
Turns out the reg exp is the least of our worries here.
Here is a good write-up of the problem with implementing cookies in non-
gtld domain spaces:
http://www.anu.edu.au/mail-archives/link/link0003/0413.html
This problem opens a huge security gap, stealing cookie data is trivial in
some cases as a result.
I'll work out a way to use as much of the domain that matches as possible
to achieve the greatest level of security possible.
--
Ticket URL: <http://trac.bbpress.org/ticket/577#comment:1>
bbPress <http://bbpress.org/>
Innovative forum development
More information about the Bb-trac
mailing list