← Back to branch summary

~azzar1/unity/add-show-desktop-key

  • Committer: mattgiuca
  • Date: 2008-07-21 04:21:18 UTC
  • Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:917
interpret.py: Removed the code which removes HTTP_COOKIE from the CGI
    environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
    a) Steal your own IVLE cookie.
    b) Steal other user's non-IVLE cookies (ie. other public cookies).

This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
Filename Latest Rev Last Changed Committer Comment Size
..
migrations 875 16 years ago mattgiuca Added "migrations" directory, which contains incre Diff
forum_data.sql 624 17 years ago dcoles forum: Removed the subsilver2 style and phpBB inst 68.3 KB Diff Download File
forum_schema.sql 624 17 years ago dcoles forum: Removed the subsilver2 style and phpBB inst 46.2 KB Diff Download File
query.py 25 17 years ago drtomc A bit more work on the userdb stuff. 927 bytes Diff Download File
README 25 17 years ago drtomc A bit more work on the userdb stuff. 211 bytes Diff Download File
users.png 447 17 years ago stevenbird graphic for user database schema 52.6 KB Diff Download File
users.sql 916 16 years ago mattgiuca userdb: Added constraints UNIQUE and NOT NULL to s 6.2 KB Diff Download File
users.vpp 447 17 years ago stevenbird graphic for user database schema 80.1 KB Diff Download File