
Not if you set the Domain attribute of the cookie properly. This is a poor software problem, not a second-level domain problem.


True, but simple mitigations can be powerful ...

Sidenote: If leaking cookies to your own subdomains is a risk, one might also have other problems already. Point is: I explained the potential risk. Evaluating one has to do oneself.



