- Committer: mattgiuca
- Date: 2008-07-21 04:21:18 UTC
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:917
interpret.py: Removed the code which removes HTTP_COOKIE from the CGI
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
environment. Student code can now access cookies.
Note: This was previously a security risk because malicious code could
steal IVLE cookies. Now that we have separate domain space for other users,
the worst you can do is:
a) Steal your own IVLE cookie.
b) Steal other user's non-IVLE cookies (ie. other public cookies).
This makes all student code vulnerable to cookie theft, but that is simply a
disclaimer (if you use cookies, your apps are vulnerable). It is not a
security risk to IVLE itself.
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 ..
|
|||||||
apps
|
144 | 17 years ago | mattgiuca | Trunk, and all subdirectories with Python files: |
|
||
|
auth
|
144 | 17 years ago | mattgiuca | Trunk, and all subdirectories with Python files: |
|
||
|
dispatch
|
144 | 17 years ago | mattgiuca | Trunk, and all subdirectories with Python files: |
|
||
|
media
|
93 | 17 years ago | mattgiuca | New directory hierarchy. Renamed src to www. Added |
|
||
|
php
|
443 | 17 years ago | dcoles | Added Forum application along with unmodifed versi |
|
||
|
plugins
|
329 | 17 years ago | mattgiuca | Converted Console from an "app" into a "plugin". I |
|
||
README |
396 | 17 years ago | drtomc | Alter the apache config so that session objects ge | 3.5 KB |
|
|