[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Gmail/SSL

On Mon, Mar 10, 2008 at 5:37 PM, coderman <coderman@xxxxxxxxx> wrote:
> ...
>  managing this on your end transparently makes it impossible to
>  exploit.

i am referring solely to the auth cookie management here; host and
browser vulnerabilities that bypass SSL/TLS protections are an
entirely different problem...

regarding the modification of cookie parameters via browser plugin,
"Modify Headers" [0] might be a close fit needing only a few tweaks to
implement secure only.

0. https://addons.mozilla.org/en-US/firefox/addon/967