[TYPO3-v4] Enable $TYPO3_CONF_VARS['SYS']['cookieHttpOnly'] by default in 4.7
Steffen Gebert
steffen.gebert at typo3.org
Sat Jan 14 01:12:27 CET 2012
Hi Steffen,
> httponly cookies help to avoid stealing cookies using JavaScript XSS attacks.
>
> 2) I plead for turning this option on by default for 4.7 release,
> because it's a security improvement.
Not verified, but I guess the Flash Uploader (swfupload) in the backend
requires cookies.
Kind regards
Steffen
--
Steffen Gebert
TYPO3 v4 Core Team Member
TYPO3 Server Administration Team Member
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org