[vlc-devel] vlc: svn commit r24363 (pdherbemont)
Remi Denis-Courmont
rdenis at simphalempin.com
Fri Jan 18 15:06:09 CET 2008
On Fri, 18 Jan 2008 11:37:21 +0100, Pierre d'Herbemont
<pdherbemont at free.fr> wrote:
>> Err, the feature request for Cookie was closed a long time ago, as a
>> won't
>> do. This opens us to a wide range of known problems that browsers have
>> learnt to cope with over the years.
>
> Hum. Didn't know. Well, I could add an option for that one, so it is
> disabled by default. But to me we have a simplified problem, as we
> just want to support Cookies across redirection. I don't plan to do
> something to support more complex situation.
I am NOT a browser security expert. My rough understanding is that, there
is a security problem:
- if a page can write a cookie for "someone" else,
- if a page can read a cookie from "someone" else.
Obviously, redirections may be affected by the first problem scenario.
> We don't promise a full blown implementation of Cookies support, just
> enough to work with some web server. I'll fix this domain check,
> though, currently it shouldn't be too troublesome.
It is not an issue of being full-blown or not (and it probably won't follow
the IETF spec anyway).
It is a matter of not re-opening with the VLC plugins (security or
otherwise) issues which browsers have otherwise fixed.
--
Rémi Denis-Courmont
http://www.remlab.net
More information about the vlc-devel
mailing list