Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved

      Description

      Sensitive Code Example

      If you create a security-sensitive cookie in your Java code:

      Cookie c = new Cookie(COOKIENAME, sensitivedata);
      c.setSecure(false);  // Sensitive: a security-sensitive cookie is created with the secure flag set to false
      

      By default the secure flag is set to false:

      Cookie c = new Cookie(COOKIENAME, sensitivedata);  // Sensitive: a security-sensitive cookie is created with the secure flag not defined (by default set to false)
      

      Compliant Solution

      Cookie c = new Cookie(COOKIENAME, sensitivedata);
      c.setSecure(true); // Compliant: the sensitive cookie will not be sent during an unencrypted HTTP request thanks to the secure flag set to true
      

            People

            Assignee: Unassigned
            Reporter: Alexandre Gigleux (alexandre.gigleux)