By JStarcher on
I ran across a blog today that was a pretty interesting read. It is about protecting your cookies by using HttpOnly flag when you set the cookie. Perhaps Drupal should tighten the security gap as well?
I ran across a blog today that was a pretty interesting read. It is about protecting your cookies by using HttpOnly flag when you set the cookie. Perhaps Drupal should tighten the security gap as well?
Comments
I added this to 7.x
I added this to 7.x - we could backport to 6.x and 5.x, but it would only affect people running more recent PHP versions: http://drupal.org/node/280934
---
Work: Acquia.com
---
Work: BioRAFT