Does anyone know of a flag that can be set in server.ini, header.htx or elsewhere to force HttpOnly cookies?
We have TrustWave run security audits of our site and it reported the TeraScript_UserReference cookie as not being httpOnly. Abashedly, we're still on version 6. Cookie HttpOnly Flag: false Cookie Name: TeraScript_UserReference Cookie Value: 0A33058B46F25B6F6C2636F1472A5B33BA63 Remediation: Contact the vendor of this web application and request the HttpOnly flag be set on session cookies. https://www.owasp.org/index.php/SecureFlag Thank you, Matt ________________________________________________ Matt Muro Associate Director for Software Development Harvard University Division of Continuing Education phone: 617-998-8522 [email protected] On Wed, Nov 22, 2017 at 6:16 PM <[email protected]> wrote: > You may also have to install Java 6 in addition ... doesn't harm any > applications requiring Java 8, but I think v 7 needed v 6. (High Sierra may > have deleted v 6 on install.) > > Just guessing here. I have been pretty cautious about moving from Sierra > to High Sierra just yet. > > --------------- > Sent from my Mega iPad �� > > On Nov 22, 2017, 5:09 PM -0500, D Mark Weiss <[email protected]>, wrote: > > I upgraded to OSX 10.13 High Sierra. I try to connect to an app and the > events log says that server is crashing as it is unable to connect to the > java vm. I check the events log and it says that the Java VM isn’t loading. > > I have downloaded 7.1.3 and completed a reinstall and still no joy. > > I remove the path to the java vm from server.ini and the taf loads html > pages, but when I try to hit the db, I get this... > > Unable to communicate with the specified data source. > Can't support JDBC datasource, the java VM is not loaded > > I delete the path to the Java VM. I check the path and permissions and the > permissions don’t seem to have changed and the Java VM is in the right > folder with the alias pointing correctly to it. > > I installed the latest version 8 of Java on my machine. Still no joy. > > Has anyone else had this problem? If so, what are some of my options.. > > Thank you, > > Mark > > > ---------------------------------------- > > To unsubscribe from this list, please send an email to > [email protected] with "unsubscribe terascript-talk" in the body. > > > > Email secured by Check Point > > ---------------------------------------- To unsubscribe from this list, please send an email to [email protected] with "unsubscribe terascript-talk" in the body.
