You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Carsten Dimmek (JIRA)" <de...@myfaces.apache.org> on 2011/06/17 12:52:47 UTC

[jira] [Created] (MYFACES-3177) Add secure flag for cookies if the page is accessed over a secure protocol

Add secure flag for cookies if the page is accessed over a secure protocol
--------------------------------------------------------------------------

                 Key: MYFACES-3177
                 URL: https://issues.apache.org/jira/browse/MYFACES-3177
             Project: MyFaces Core
          Issue Type: Improvement
    Affects Versions: 2.0.7
            Reporter: Carsten Dimmek
            Priority: Minor


We did some security tests for our application and one of the results was that for example the oam.Flash.RENDERMAP.TOKEN should be marked as secure if the page is accessed via https.


http://download.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (MYFACES-3177) Add secure flag for cookies if the page is accessed over a secure protocol

Posted by "Jakob Korherr (JIRA)" <de...@myfaces.apache.org>.

    [ https://issues.apache.org/jira/browse/MYFACES-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13051203#comment-13051203 ] 

Jakob Korherr commented on MYFACES-3177:
----------------------------------------

nice catch - thanks for the report! I am gonna take care of this one.

> Add secure flag for cookies if the page is accessed over a secure protocol
> --------------------------------------------------------------------------
>
>                 Key: MYFACES-3177
>                 URL: https://issues.apache.org/jira/browse/MYFACES-3177
>             Project: MyFaces Core
>          Issue Type: Improvement
>    Affects Versions: 2.0.7
>            Reporter: Carsten Dimmek
>            Priority: Minor
>
> We did some security tests for our application and one of the results was that for example the oam.Flash.RENDERMAP.TOKEN should be marked as secure if the page is accessed via https.
> http://download.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (MYFACES-3177) Add secure flag for cookies if the page is accessed over a secure protocol

Posted by "Jakob Korherr (JIRA)" <de...@myfaces.apache.org>.

     [ https://issues.apache.org/jira/browse/MYFACES-3177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jakob Korherr resolved MYFACES-3177.
------------------------------------

       Resolution: Fixed
    Fix Version/s: 2.1.2-SNAPSHOT
                   2.0.8-SNAPSHOT

> Add secure flag for cookies if the page is accessed over a secure protocol
> --------------------------------------------------------------------------
>
>                 Key: MYFACES-3177
>                 URL: https://issues.apache.org/jira/browse/MYFACES-3177
>             Project: MyFaces Core
>          Issue Type: Improvement
>    Affects Versions: 2.0.7, 2.1.1
>            Reporter: Carsten Dimmek
>            Assignee: Jakob Korherr
>            Priority: Minor
>             Fix For: 2.0.8-SNAPSHOT, 2.1.2-SNAPSHOT
>
>
> We did some security tests for our application and one of the results was that for example the oam.Flash.RENDERMAP.TOKEN should be marked as secure if the page is accessed via https.
> http://download.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira