You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by "Carsten Dimmek (JIRA)" <de...@myfaces.apache.org> on 2011/06/17 12:52:47 UTC
[jira] [Created] (MYFACES-3177) Add secure flag for cookies if the
page is accessed over a secure protocol
Add secure flag for cookies if the page is accessed over a secure protocol
--------------------------------------------------------------------------
Key: MYFACES-3177
URL: https://issues.apache.org/jira/browse/MYFACES-3177
Project: MyFaces Core
Issue Type: Improvement
Affects Versions: 2.0.7
Reporter: Carsten Dimmek
Priority: Minor
We did some security tests for our application and one of the results was that for example the oam.Flash.RENDERMAP.TOKEN should be marked as secure if the page is accessed via https.
http://download.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MYFACES-3177) Add secure flag for cookies if
the page is accessed over a secure protocol
Posted by "Jakob Korherr (JIRA)" <de...@myfaces.apache.org>.
[ https://issues.apache.org/jira/browse/MYFACES-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13051203#comment-13051203 ]
Jakob Korherr commented on MYFACES-3177:
----------------------------------------
nice catch - thanks for the report! I am gonna take care of this one.
> Add secure flag for cookies if the page is accessed over a secure protocol
> --------------------------------------------------------------------------
>
> Key: MYFACES-3177
> URL: https://issues.apache.org/jira/browse/MYFACES-3177
> Project: MyFaces Core
> Issue Type: Improvement
> Affects Versions: 2.0.7
> Reporter: Carsten Dimmek
> Priority: Minor
>
> We did some security tests for our application and one of the results was that for example the oam.Flash.RENDERMAP.TOKEN should be marked as secure if the page is accessed via https.
> http://download.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (MYFACES-3177) Add secure flag for cookies if the
page is accessed over a secure protocol
Posted by "Jakob Korherr (JIRA)" <de...@myfaces.apache.org>.
[ https://issues.apache.org/jira/browse/MYFACES-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Korherr resolved MYFACES-3177.
------------------------------------
Resolution: Fixed
Fix Version/s: 2.1.2-SNAPSHOT
2.0.8-SNAPSHOT
> Add secure flag for cookies if the page is accessed over a secure protocol
> --------------------------------------------------------------------------
>
> Key: MYFACES-3177
> URL: https://issues.apache.org/jira/browse/MYFACES-3177
> Project: MyFaces Core
> Issue Type: Improvement
> Affects Versions: 2.0.7, 2.1.1
> Reporter: Carsten Dimmek
> Assignee: Jakob Korherr
> Priority: Minor
> Fix For: 2.0.8-SNAPSHOT, 2.1.2-SNAPSHOT
>
>
> We did some security tests for our application and one of the results was that for example the oam.Flash.RENDERMAP.TOKEN should be marked as secure if the page is accessed via https.
> http://download.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira