
kmx at volny
Jun 12, 2009, 10:49 AM
Proposal: C::Plugin::Session new option verify_user_agent
Hi,

I have prepared a patch proposal for a new verify_user_agent configuration option. It is very similar to verify_address; it checks whether the User-agent string from the HTTP request header has changed since session initialization.

I know that it is not bullet-proof; on the other hand, a regular user does not change his/her User-agent string so often, therefore it could contribute a bit to mitigation of session hijacking attacks.

Please have a look at SVN (I have also prepared some .t and doc patches):

http://dev.catalystframework.org/repos/Catalyst/Catalyst-Plugin-Session/0.00/branches/verify_user_agent/

I would appreciate it if you could consider merging my branch into trunk.

Thanks.

--
kmx
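The check described in the post, as an added stand-alone illustration; it is not code from the proposed patch or from Catalyst::Plugin::Session. The in-memory store, the `create_session` and `load_session` helpers and the sample User-Agent strings are hypothetical, and deleting the session on a mismatch is an assumption about how such a check would react.

```perl
use strict;
use warnings;

# Constructed in-memory session store: session id => stored record.
my %sessions;

# Remember the User-Agent header seen when the session is initialized.
sub create_session {
    my ($sid, $user_agent) = @_;
    $sessions{$sid} = {
        user_agent => defined $user_agent ? $user_agent : '',
        data       => {},
    };
    return $sid;
}

# Return the session data when the request's User-Agent equals the one
# stored at initialization. On a mismatch the session is deleted, so a
# copied session id stops working for every client, and undef is returned.
sub load_session {
    my ($sid, $user_agent, %opt) = @_;
    my $session = $sessions{$sid};
    return undef unless $session;
    $user_agent = '' unless defined $user_agent;   # header may be absent

    if ($opt{verify_user_agent} && $session->{user_agent} ne $user_agent) {
        warn "session $sid: User-Agent changed, deleting session\n";
        delete $sessions{$sid};
        return undef;
    }
    return $session->{data};
}

# Constructed sample requests: the session owner, then a different browser
# presenting the same session id, then the owner again.
my $ua_owner = 'Mozilla/5.0 (X11; U; Linux i686; en-US) Firefox/3.0.10';
my $ua_other = 'Opera/9.64 (Windows NT 5.1; U; en)';

create_session('abc123', $ua_owner);
for my $ua ($ua_owner, $ua_other, $ua_owner) {
    my $data = load_session('abc123', $ua, verify_user_agent => 1);
    printf "%-60s %s\n", $ua, defined $data ? 'accepted' : 'rejected';
}
```

The third request is rejected as well because the session no longer exists. A client that sends the same User-Agent string as the session owner passes the comparison, which is the limitation the post acknowledges.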