- Committer: mattgiuca
- Date: 2008-07-21 04:21:18 UTC
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:917
interpret.py: Removed the code which removes HTTP_COOKIE from the CGI
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 ..
|
|||||||
Makefile |
337 | 17 years ago | drtomc | Make trampoline use the path canonicalization code | 91 bytes |
|
|
|
norm.c |
337 | 17 years ago | drtomc | Make trampoline use the path canonicalization code | 4.5 KB |
|
|
|
norm.dot |
335 | 17 years ago | drtomc | Log live pushdown automata! Sat down and *thought* | 558 bytes |
|
|
|
norm.h |
337 | 17 years ago | drtomc | Make trampoline use the path canonicalization code | 245 bytes |
|
|
|
test.c |
336 | 17 years ago | drtomc | Rename main.c to test.c. Should have been that in | 495 bytes |
|
|
|
trampoline.c |
899 | 16 years ago | wagrant | trampoline: Limit data, not virtual memory, so we | 9.5 KB |
|
|