Hey all,

CollabNet (who I work for) has a request to be able to modify JServ to allow
it to *optionally* set the Cookie domain= header to be based on what is sent
in the Host: header by the client. My gut feeling is that there is a
security hole in this somewhere just waiting to get exploited so I'm asking
here to see if anyone else thinks that this is a possible/good/bad idea.

The advantage of allowing this is that you can have JServ respond to any
number of domains with appropriately set cookies.

Comments?

-jon
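
An added example, not part of the original message and not JServ code: one way to derive a cookie domain from the Host: header while treating that header as untrusted client input, by matching it against the domains the server is configured to serve and emitting the configured value rather than the client's string. The class name, the `SERVED` allowlist and the sample hosts are assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class HostCookieDomain {
    // Hypothetical allowlist: the domains this server is configured to serve.
    static final Set<String> SERVED = Set.of("example.com", "example.org");

    /** Returns the cookie Domain value for a Host header, or empty to omit the attribute. */
    static Optional<String> cookieDomainFor(String hostHeader) {
        if (hostHeader == null) return Optional.empty();
        String host = hostHeader.trim().toLowerCase(Locale.ROOT);
        int colon = host.lastIndexOf(':');
        if (colon >= 0) {
            // Strip a numeric port; anything else after ':' is rejected.
            if (!host.substring(colon + 1).matches("[0-9]{1,5}")) return Optional.empty();
            host = host.substring(0, colon);
        }
        if (host.endsWith(".")) host = host.substring(0, host.length() - 1);
        // Reject characters that could break out of the Set-Cookie header
        // (';', ',', whitespace, CR/LF) or that are not valid in a hostname.
        if (!host.matches("[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?")) return Optional.empty();
        for (String served : SERVED) {
            // Emit the configured value, never the client-supplied string.
            if (host.equals(served) || host.endsWith("." + served)) return Optional.of(served);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample Host header values.
        List<String> samples = List.of(
            "www.example.com", "Example.ORG:8080", "evil.test",
            "notexample.com", "example.com; Path=/x", "example.com\r\nX-Injected: 1");
        for (String h : samples) {
            String shown = h.replace("\r", "\\r").replace("\n", "\\n");
            System.out.println(shown + " -> "
                + cookieDomainFor(h).map(d -> "Domain=" + d).orElse("(no Domain attribute)"));
        }
    }
}
```

Only the first two samples yield a Domain attribute; the rest fall back to a host-only cookie because they are either not on the allowlist or contain characters that do not belong in a hostname.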