[Sugar-devel] [PATCH] webactivity: seed the XS cookie at startup

Martin Langhoff martin.langhoff at gmail.com
Thu Feb 12 05:40:18 EST 2009


On Thu, Feb 12, 2009 at 11:32 PM, Simon Schampijer <simon at schampijer.de> wrote:
> Is your main request to get it into 0.82.1? Is this only a temporary
> solution and we get something else later?

I think it'll be our "current" solution for a while... both branches?

> PS: I am not a security person - so for this discussion of security impact
> you are better of asking someone else - I can only comment on the general
> layout of the patch.

The main 'right way' in security terms is following the 'Plan A' that
I outlined in my other email. It is a ton of work and some parts
require infra in other tools that I'm not sure is ready... so as soon
as a security expert turns up, we'll charge him/her with implementing
it :-)

cheers,



m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff



More information about the Devel mailing list