Re: SQM-1.5 check security Cookie httponly flag

(#2 reformatted, f*ck webmailer...)
Hello,

Our services must pass a scan test.
Nikto says:

+ GET Cookie SQMSESSID created without the httponly flag

I have not found a config option.

I found the following function:

# vi ./functions/global.php
    589 function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="",
    590                      $bSecure=false, $bHttpOnly=true, $bReplace=false) {

But all calls use only 4 options (example):
      663             sqsetcookie(session_name(), session_id(), 0, $base_uri);

I have tried the following changes, but without success:

# diff ./functions/global.php.org ./functions/global.php
590c590
                      $bSecure=true, $bHttpOnly=true, $bReplace=false) {
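
Review bot: the change on line 590 flips the default of $bSecure, not $bHttpOnly, and $bHttpOnly already defaults to true in the signature quoted above, so this edit cannot affect whether HttpOnly appears on SQMSESSID. What it does change is that four-argument callers such as the one on line 663 now request the Secure attribute, and a Secure cookie is only sent back over HTTPS. I would revert the default and look at how the function body uses $bHttpOnly, which is not shown here. The hunk as posted also lacks its "<" line with the original text.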

How do I create the cookie with the httponly flag?

Regards Heimo.


SquirrelMail version 1.5.1



-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
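
A way to re-check the Nikto finding locally after a change, added here as an example and not part of the original post or of SquirrelMail: it parses Set-Cookie headers and lists the attributes each cookie lacks. The sample headers, the cookie values and the example_pref cookie are constructed for illustration.

```python
import re

# Constructed sample: response headers as a webmail login page might return them.
# Cookie values and the example_pref cookie are made up for this example.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: SQMSESSID=0123456789abcdef; path=/webmail/
Set-Cookie: example_pref=c2FtcGxl; path=/webmail/; Secure; HttpOnly
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(raw_headers, required=("httponly", "secure")):
    """Return {cookie_name: [missing attributes]} for every Set-Cookie header."""
    findings = {}
    for line in raw_headers.splitlines():
        m = re.match(r"(?i)set-cookie\s*:\s*(.+)", line)
        if not m:
            continue
        name, attrs = parse_set_cookie(m.group(1))
        # Simplification: cookies are keyed by name only, so the last header
        # seen for a name decides the result (domain and path are ignored).
        findings[name] = [a for a in required if a not in attrs]
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_HEADERS).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie}: {status}")
```

To run it against a live server, save the response headers to a file and pass the file's contents to audit_cookies().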