<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: Re: Reviewing security parameters

Re: Reviewing security parameters

From: Jared <jared_at_geek-boy.com>
Date: Fri, 16 Apr 2004 17:34:29 -0400

On Apr 16, 2004, at 3:01 PM, V. Poddubniy wrote:

> Don't forget to set cookie as HttpOnly (this is useful at least for
> users of IE 6 SP1). This will tell browser not to tell on-page scrips
> (javascript, etc.) the cookie.

how does one do this? I was under the impression that you could set a
cookie to only be sent via HTTPS/SSL, but not with any other
restrictions.

Is this a feature that is unique to a particular web application
environment, i.e. ASP.Net, PHP, JSP?

cheers,

- Jared

-- 
Happiness is a warm laptop.

Received on Apr 16 2004

This message: [ Message body ]
Next message: Matt Summers: "Re: Reviewing security parameters"
Previous message: Auri A. Rahimzadeh: "RE: Reviewing security parameters"
In reply to: V. Poddubniy: "RE: Reviewing security parameters"
Next in thread: Matt Summers: "Re: Reviewing security parameters"
Reply: Matt Summers: "Re: Reviewing security parameters"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]