fedora hosted, sharding and openid
Toshio Kuratomi
a.badger at gmail.com
Wed Feb 13 22:56:33 UTC 2013
On Wed, Feb 13, 2013 at 11:18:27PM +0100, Patrick Uiterwijk wrote:
> Stealing a cookie would still be possible indeed, but that's also not induced
> by the use of OpenID, just (again) because the cookie is sent in the clear.
>
I agree here. But this does mean that trac should still be accessed via
ssl. There's no way around that unless the application itself (trac) didn't
rely on its own session cookie.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20130213/7253c6a6/attachment.sig>
More information about the infrastructure
mailing list