Hello,

* 2008-04-05 14:01, Florian Weimer wrote:
> * Nico Golde:
>
> > While I agree that the cookie issues and the session id
> > issue is not of a high impact I still think that at least
> > the CSRF issue should be fixed because the exploit scenario
> > has a certain real life importance.
>
> The __ac cookie issue is significant as well if the secure flag is not
> set on the cookie even if login happens over HTTPS.

I can't say anything else than "I fully agree", but on a public IRC channel (irc.freenode.net#plone) I only got useless answers from some core Plone developers telling me that these problems are kindergarten.

I know that Wichert is working on some of these issues, and this branch will be released as Plone 3.1, but I couldn't find the exact list of issues addressed.

-- 
Fabio Tranchitella                         http://www.kobold.it
Free Software Developer and Consultant     http://www.tranchitella.it
_____________________________________________________________________
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564