Bug w/ bugzilla and loadbalancing

Stephan Kulow coolo at kde.org
Fri Sep 20 21:17:05 BST 2002


On Friday 20 September 2002 01:44, Dirk Mueller wrote:
> On Thu, 19 Sep 2002, Daniel Naber wrote:
> > > But I feel unsafe in changing that. Could someone explain?
> >
> > http://bugzilla.mozilla.org/show_bug.cgi?id=20122
> > So long actually that I didn't read it :-)
>
> Read it. Basically it's just a security measure against a cookie stealing
> attack.
>
> There is a patch for this case attached to the bug report but it doesn't
> seem to be optimal. At least not clean enough for committing it.
Right. My fix would be to put the IP in the cookie path. That would solve
the actual problem that your cookie for IP A goes away as soon as IP B
appears. Of course you would still have to relogin on IP change.

But as no one even noted it in 20122 I wonder if it's completely bogus :)

Greetings, Stephan
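
A small model of the behaviour discussed in this message, added as an example and not taken from Bugzilla or from the patch attached to bug 20122: the server accepts a login cookie only from the IP that logged in, and the client keeps one cookie per name and path. The class names, the addresses and the `/<ip>` path scheme are assumptions made for illustration.

```python
import secrets

class LoginStore:
    """Server side: a login cookie is valid only from the IP that logged in."""
    def __init__(self):
        self._by_token = {}                  # token -> client IP at login time

    def login(self, ip):
        token = secrets.token_hex(16)
        self._by_token[token] = ip
        return token

    def is_valid(self, token, ip):
        # A cookie replayed from a different address is rejected; this is
        # the measure against cookie stealing.
        return self._by_token.get(token) == ip

class CookieJar:
    """Client side: a new cookie replaces an old one when name and path match."""
    def __init__(self):
        self._cookies = {}                   # (name, path) -> value

    def set(self, name, value, path="/"):
        self._cookies[(name, path)] = value

    def get(self, name, path="/"):
        return self._cookies.get((name, path))

def simulate(ip_in_path):
    """One user behind a load balancer alternates between two egress IPs.
    Returns the number of logins needed to serve four requests."""
    store, jar, logins = LoginStore(), CookieJar(), 0
    # Constructed sample addresses (documentation range).
    for ip in ["192.0.2.10", "192.0.2.20", "192.0.2.10", "192.0.2.20"]:
        path = "/" + ip if ip_in_path else "/"   # assumed per-IP path scheme
        token = jar.get("login", path)
        if token is None or not store.is_valid(token, ip):
            # Forced (re)login: the new cookie overwrites any cookie that
            # shares the same name and path in the jar.
            jar.set("login", store.login(ip), path)
            logins += 1
    return logins

if __name__ == "__main__":
    print("shared path '/':", simulate(False), "logins")
    print("IP in path     :", simulate(True), "logins")
```

With one shared path every IP change overwrites the other address's cookie, so each request forces a login; with the IP in the path the user logs in once per address and both cookies survive.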





