- Committer: mattgiuca
- Date: 2008-07-21 04:21:18 UTC
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:917
interpret.py: Removed the code which removes HTTP_COOKIE from the CGI
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 ..
|
|||||||
common
|
409 | 17 years ago | mattgiuca | Moved www/conf and www/common to a new directory l |
|
||
|
conf
|
450 | 17 years ago | mattgiuca | Set svn:ignore on a a few more things. |
|
||
|
fileservice_lib
|
411 | 17 years ago | mattgiuca | Renamed lib/fileservice to lib/fileservice_lib (na |
|
||
|
pulldown_subj
|
820 | 16 years ago | mattgiuca | lib: Added new package pulldown_subj, a collection |
|
||