- Committer: mattgiuca
- Date: 2008-07-21 04:21:18 UTC
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:917
interpret.py: Removed the code which removes HTTP_COOKIE from the CGI
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 ..
|
|||||||
__init__.py |
803 | 16 years ago | dcoles | Setup: Modularised setup.py so it is now no longer | 1 bytes |
|
|
|
build.py |
894 | 16 years ago | wagrant | setup: Don't rebuild the jail by default. Pass -j | 5.2 KB |
|
|
|
configure.py |
893 | 16 years ago | dcoles | Dispatch: Now attempts to log unhandled exceptions | 23.7 KB |
|
|
|
install.py |
825 | 16 years ago | dcoles | Setup: Added missing modules and fixed bad module | 6.4 KB |
|
|
|
listmake.py |
913 | 16 years ago | dcoles | Serve: Broke apart Serve into two parts - a downlo | 5.6 KB |
|
|
|
setuputil.py |
840 | 16 years ago | wagrant | setup: rsync one directory higher. We were too low | 8.5 KB |
|
|