[vlc-devel] vlc: svn commit r24363 (pdherbemont)

Remi Denis-Courmont rdenis at simphalempin.com
Fri Jan 18 15:06:09 CET 2008


On Fri, 18 Jan 2008 11:37:21 +0100, Pierre d'Herbemont
<pdherbemont at free.fr> wrote:
>> Err, the feature request for Cookie was closed a long time ago, as a
>> won't
>> do. This opens us to a wide range of known problems that browsers have
>> learnt to cope with over the years.
> 
> Hum. Didn't know. Well, I could add an option for that one, so it is
> disabled by default. But to me we have a simplified problem, as we
> just want to support Cookies across redirection. I don't plan to do
> something to support more complex situation.

I am NOT a browser security expert. My rough understanding is that, there
is a security problem:
- if a page can write a cookie for "someone" else,
- if a page can read a cookie from "someone" else.

Obviously, redirections may be affected by the first problem scenario.

> We don't promise a full blown implementation of Cookies support, just
> enough to work with some web server. I'll fix this domain check,
> though, currently it shouldn't be too troublesome.

It is not an issue of being full-blown or not (and it probably won't follow
the IETF spec anyway).
It is a matter of not re-opening with the VLC plugins (security or
otherwise) issues which browsers have otherwise fixed.

-- 
Rémi Denis-Courmont
http://www.remlab.net




More information about the vlc-devel mailing list