Thread: [pgAdmin4] To make session cookie more secure (Server mode)

[pgAdmin4] To make session cookie more secure (Server mode)

From
Murtuza Zabuawala
Date:
Hi,

PFA minor patch to make session cookie more secure in Server mode.
We will set SESSION_COOKIE_SAMESITE='Lax' in the config file. 
'Lax' option prevents sending cookies with CSRF-prone requests from external sites, such as submitting a form.
RM#3342

Please review.

--
Regards,
Murtuza Zabuawala
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Attachments

Re: [pgAdmin4] To make session cookie more secure (Server mode)

From
Dave Page
Date:
Thanks, patch applied.

On Wed, May 9, 2018 at 8:33 AM, Murtuza Zabuawala <murtuza.zabuawala@enterprisedb.com> wrote:
Hi,

PFA minor patch to make session cookie more secure in Server mode.
We will set SESSION_COOKIE_SAMESITE='Lax' in the config file. 
'Lax' option prevents sending cookies with CSRF-prone requests from external sites, such as submitting a form.
RM#3342

Please review.

--
Regards,
Murtuza Zabuawala
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company




--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
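
An added example, not part of the thread or of the pgAdmin patch: a simplified model of the browser rule behind `SESSION_COOKIE_SAMESITE='Lax'`, showing which requests still carry the session cookie. The cookie name `session`, the sample headers and the scenario table are constructed for illustration, and a missing attribute is assumed to mean the legacy "send everywhere" behaviour.

```python
from http.cookies import SimpleCookie

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

# Constructed Set-Cookie headers; the cookie name "session" is a sample value.
WITH_LAX = "session=abc123; Path=/; HttpOnly; SameSite=Lax"
WITHOUT_SAMESITE = "session=abc123; Path=/; HttpOnly"

# (method, cross_site, top_level_navigation) for requests a browser may make.
SCENARIOS = {
    "same-site form POST": ("POST", False, True),
    "cross-site link GET": ("GET", True, True),
    "cross-site form POST": ("POST", True, True),
    "cross-site <img> GET": ("GET", True, False),
}


def samesite_of(set_cookie, name):
    """Return the cookie's SameSite value in lower case, or None if not set."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    return jar[name]["samesite"].lower() or None


def cookie_is_sent(samesite, method, cross_site, top_level_navigation):
    """Simplified SameSite rule: is the cookie attached to this request?"""
    if not cross_site or samesite in (None, "none"):
        # Assumption: a missing attribute is treated as "send everywhere",
        # the legacy behaviour; newer browsers may default to Lax instead.
        return True
    if samesite == "lax":
        return top_level_navigation and method.upper() in SAFE_METHODS
    return False  # "strict": never sent on cross-site requests


def evaluate(set_cookie, name="session"):
    """Map each scenario name to whether the session cookie accompanies it."""
    mode = samesite_of(set_cookie, name)
    return {label: cookie_is_sent(mode, *req) for label, req in SCENARIOS.items()}


if __name__ == "__main__":
    for header in (WITH_LAX, WITHOUT_SAMESITE):
        print(header)
        for label, sent in evaluate(header).items():
            print(f"  {label:22} cookie sent: {sent}")
```

With `Lax`, the cross-site form POST and the embedded `<img>` request arrive without the session cookie, while a user following a link from another site stays logged in.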