Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-1996

Hamper cookie theft in Optimize

    XMLWordPrintable

Details

    • Task
    • Status: Done
    • L3 - Default
    • Resolution: Done
    • None
    • 2.4.0
    • backend

    Description

      AT:

      • for the Optimize cookie the secure and httponly flags are set
      • the http connector can be disabled
      • the http connector is disabled by default
      • the client side (front-end) does not access the cookies any longer
      • the cookie handling is fully handled on server side
      • the configuration documentation in the technical guide is adjusted to changes in the configuration

      Background:

      • The HTTP-Only Flag prevents JavaScript from accessing the cookies!
      • USE SECURE-Flag for cookies if you use HTTPS
      • The two flags make it a lot harder to steal the cockie and with it the user session
      • http is insecure and allows to record the whole conversation, e.g. steal session ids, username/passwords, if used in an untrusted environment

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          There are no Sub-Tasks for this issue.

          Activity

            People

              Unassigned Unassigned
              johannes.heinemann Johannes Heinemann
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce