[Pushed] Restrict ACP session-related cookie path to admin directory
#1
As the ACP security bug hunt is on, the path of the cookies related to the ACP session should be set only to the admin directory, so they are not accessible on other parts of the forum.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#2
Definitely agreed.
Reply
#3
Agree - it should be in a pack of security improvements for 1.8.3
[MyBB 1.8 Czech translation] [MyBB 1.8 plugins]: Prune old PMs + optimize DB plugin --- Thank you/like system
Reply
#4
+1 from me.
Reply
#5
Thank you, I'll create a GH issue for 1.8.4
All my plugins are available for free at MyBB Extend and on my GitHub. MyBB-Plugins.com has been closed and none of my plugins are officially maintained or supported.
Reply
#6
(2014-11-22, 09:06 PM)Pirata Nervo Wrote: Thank you, I'll create a GH issue for 1.8.4

Thank you for this.
-Ben

Please do not PM me for support. I am looking to be hired for paid services.

You can view my paid services here.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)