[dokuwiki] Re: Restricted content leaking through RSS

  • From: Sander Tekelenburg <tekelenb@xxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Thu, 7 May 2009 20:05:50 +0200

At 12:00 +0100 UTC, on 2009-05-07, Christopher Smith wrote:

[...]

> I'm speculating here.  Is it possible the client is sending a valid
> dokuwiki credentials cookie?

Ooh, good catch! Testing with a few different RSS clients with virginal
settings, the problem cannot be reproduced. So yes, it must be the RSS
client that (ab)uses cookies across different feeds. I guess this can then be
considered as merely slightly annoying RSS client behaviour, no real security
risk.

I suppose this means it's not something DokuWiki needs to even try to avoid.
(Let alone *can* avoid. I don't know much about cookies; whether they *can*
be made restrictive enough to not allow this.)


-- 
Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/>
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
