author | Peter Hartmann <peter.hartmann@nokia.com> | 2010-11-19 14:24:35 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-01-05 15:19:49 (GMT) |
commit | 0c07af230d016aab6e416ae57594189ab9953101 (patch) | |
tree | 8c43ecdf2c622a8f5a9a6ee5bb96a36b9c90e3c5 /header.LGPL-ONLY | |
parent | 4836d809f5dc3fc9e978ef630c0e5c8847c171a7 (diff) | |

cookie jar code: enhance security by keeping track of effective TLDs

The problem was the following: According to the cookie RFC, domains must
have at least one dot in their name for setting a cookie (e.g. domain
example.com can set a cookie for ".example.com" but not for ".com").
The problem is: Following this rule, one could still set "supercookies"
for e.g. ".co.uk".
The solution is to generate a table from
http://publicsuffix.org which maintains a list of all "effective" TLDs
like e.g. ".co.uk".

Reviewed-by: Olivier Goffart
Task-number: QTBUG-14706

Diffstat (limited to 'header.LGPL-ONLY')
0 files changed, 0 insertions, 0 deletions
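
The check the commit message describes, sketched as an added example (standard C++, not Qt's code and not taken from this commit). The rule table is a constructed excerpt in publicsuffix.org syntax, and the names `isPublicSuffix` and `cookieDomainAllowed` are hypothetical. It goes slightly beyond the message by also honouring the list's wildcard (`*.ck`) and exception (`!www.ck`) rules.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <set>
#include <string>

// Constructed excerpt in publicsuffix.org rule syntax, not the real list.
static const std::set<std::string> kRules = {
    "com", "uk", "co.uk", "org.uk", "*.ck", "!www.ck"};

// Lowercase and drop one leading/trailing dot: ".Co.Uk." -> "co.uk".
static std::string normalize(std::string d) {
    if (!d.empty() && d.front() == '.') d.erase(0, 1);
    if (!d.empty() && d.back() == '.') d.pop_back();
    std::transform(d.begin(), d.end(), d.begin(), [](unsigned char c) {
        return static_cast<char>(std::tolower(c)); });
    return d;
}

// True if the domain is itself an effective TLD (public suffix).
bool isPublicSuffix(const std::string &domain) {
    const std::string d = normalize(domain);
    if (d.empty()) return true;  // nothing registrable to scope a cookie to
    // An exception rule ("!www.ck") on d or any parent makes d registrable.
    for (std::size_t pos = 0;;) {
        if (kRules.count("!" + d.substr(pos))) return false;
        const std::size_t dot = d.find('.', pos);
        if (dot == std::string::npos) break;
        pos = dot + 1;
    }
    if (kRules.count(d)) return true;            // exact rule, e.g. "co.uk"
    const std::size_t dot = d.find('.');
    if (dot == std::string::npos) return true;   // implicit "*": any bare TLD
    return kRules.count("*." + d.substr(dot + 1)) > 0;  // wildcard "*.ck"
}

// May `host` set a cookie whose Domain attribute is `cookieDomain`?
bool cookieDomainAllowed(const std::string &host, const std::string &cookieDomain) {
    const std::string h = normalize(host), c = normalize(cookieDomain);
    if (isPublicSuffix(c)) return false;         // blocks ".com" and ".co.uk"
    if (h == c) return true;
    return h.size() > c.size() &&                // host must be a subdomain
           h.compare(h.size() - c.size() - 1, std::string::npos, "." + c) == 0;
}

int main() {
    std::printf("%d %d\n", cookieDomainAllowed("www.example.co.uk", ".co.uk"),
                cookieDomainAllowed("www.example.co.uk", ".example.co.uk"));
    return 0;
}
```

The one-dot rule alone would accept `.co.uk`; the table lookup is what rejects it while still allowing `.example.co.uk`.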