Hi,
One of our users is using a security scanner to scan our application. The report came back with these vulnerabilities:
-----------------------------------------
isc_cState Cookie has problem(s):
Cookie does not have HTTPOnly attribute.
GLog Cookie has problem(s):
1) Cookie does not have secure attribute.
2) Cookie does not have HTTPOnly attribute.
Remediation Tips:
Insecure Cookies: For security of sensitive information, cookies must be marked as secure and only be transmitted if the communications
channel with the host is a secure one. Servers should use SSL in this case.
HTTPOnly Cookies: To avoid access and manipulation of cookies in the script, the HTTPOnly attribute should be set for the cookie.
-----------------------------------------
I'm wondering if you have a newer version with these issues addressed, e.g. tracking isc_cState, GLog with a JavaScript variable instead of cookies.
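
The two checks from the scanner report above, as an added example that is not part of the original post or of the product's own code: it parses `Set-Cookie` header values and reports a missing Secure or HTTPOnly attribute. The header values and the `session` cookie are constructed samples, and the example assumes the cookies are delivered in response headers.

```python
# Added example: reproduce the scanner's two cookie checks on Set-Cookie values.
# All header values below are constructed; "session" is a hypothetical cookie.

SAMPLE_HEADERS = [
    "isc_cState=ready; Path=/; Secure",                # constructed: no HttpOnly
    "GLog=%7Bsecure%3Atrue%7D; Path=/",                # constructed: "secure" only in the value
    "session=constructed123; Path=/; secure; HTTPONLY",  # constructed: both flags, odd casing
]


def parse_set_cookie(header_value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is name=value; everything after it is an attribute.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise before lookup.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header_value):
    """List the findings for one Set-Cookie value, using the report's wording."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    # Check parsed attributes, not substrings: a value containing the word
    # "secure" must not be mistaken for the Secure flag.
    if "secure" not in attrs:
        findings.append("Cookie does not have secure attribute.")
    if "httponly" not in attrs:
        findings.append("Cookie does not have HTTPOnly attribute.")
    return name, findings


def audit_headers(header_values):
    """Return {cookie name: findings} for every cookie with at least one finding."""
    report = {}
    for value in header_values:
        name, findings = audit_cookie(value)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for cookie, problems in audit_headers(SAMPLE_HEADERS).items():
        print(cookie, "Cookie has problem(s):", *problems, sep="\n  ")
```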