[wp-trac] Re: [WordPress Trac] #7677: WordPress should implement HttpOnly Cookies to slow down XSS

WordPress Trac wp-trac at lists.automattic.com
Wed Sep 3 18:05:18 GMT 2008


#7677: WordPress should implement HttpOnly Cookies to slow down XSS
----------------------------------------------+-----------------------------
 Reporter:  _ck_                              |        Owner:  anonymous
     Type:  defect                            |       Status:  new      
 Priority:  high                              |    Milestone:  2.7      
Component:  Security                          |      Version:           
 Severity:  major                             |   Resolution:           
 Keywords:  cookies needs-patch dev-reviewed  |  
----------------------------------------------+-----------------------------
Comment (by ryan):

 The patch to make it work for < 5.2 is kinda ghetto.  Since this is a
 defense-in-depth security addition and not essential, I think requiring
 5.2 is okay, especially since those concerned with security will be moving
 to PHP 5 now that PHP 4 is eol.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7677#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list