From mboxrd@z Thu Jan  1 00:00:00 1970
From: yngves@sources.redhat.com
To: gnats-prs@sourceware.cygnus.com, guy@gizmoz.com, yngves@sources.redhat.com
Subject: Re: gnatsweb/91: Bad security with cookie
Date: Sun, 19 Aug 2001 14:21:00 -0000
Message-id: <20010819212151.30469.qmail@sourceware.cygnus.com>
X-SW-Source: 2001-q3/msg00068.html
List-Id: <gnats-prs.sourceware.org>

Synopsis: Bad security with cookie

State-Changed-From-To: analyzed->closed
State-Changed-By: yngves
State-Changed-When: Sun Aug 19 14:21:51 2001
State-Changed-Why:
    Two changes made to Gnatsweb 4:
    - username and password are camouflaged in the db_prefs cookie.
    - Added a configuration variable which makes Gnatsweb use only temporary cookies for db_prefs, i.e. cookies that aren't stored on disk and which are deleted when the user exits the browser.
    
    The first measur provides very limited security, but the second one makes things genuinely safer, although it makes things slightly less convenient for users.

http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view&pr=91&database=gnats