[Sugar-devel] [PATCH] webactivity: seed the XS cookie at startup
Martin Langhoff
martin.langhoff at gmail.com
Thu Feb 12 05:40:18 EST 2009
On Thu, Feb 12, 2009 at 11:32 PM, Simon Schampijer <simon at schampijer.de> wrote:
> Is your main request to get it into 0.82.1? Is this only a temporary
> solution and we get something else later?
I think it'll be our "current" solution for a while... both branches?
> PS: I am not a security person - so for this discussion of security impact
> you are better of asking someone else - I can only comment on the general
> layout of the patch.
The main 'right way' in security terms is following the 'Plan A' that
I outlined in my other email. It is a ton of work and some parts
require infra in other tools that I'm not sure is ready... so as soon
as a security expert turns up, we'll charge him/her with implementing
it :-)
cheers,
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
More information about the Devel
mailing list