RE: httpOnly issue

2017-03-08 Thread Pritchett, Mark S. (CONT)
To: Tomcat Users List Subject: RE: httpOnly issue Hi Mark The problem remains if I remove all the webapps except ROOT. Regards Mark -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 08 March 2017 13:23 To: Tomcat Users List Subject: Re: httpOnly issue On 08/0

RE: httpOnly issue

2017-03-08 Thread Pritchett, Mark S. (CONT)
Hi Mark The problem remains if I remove all the webapps except ROOT. Regards Mark -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 08 March 2017 13:23 To: Tomcat Users List Subject: Re: httpOnly issue On 08/03/17 12:53, Pritchett, Mark S. (CONT) wrote: > Hi

Re: httpOnly issue

2017-03-08 Thread Mark Thomas
On 08/03/17 12:53, Pritchett, Mark S. (CONT) wrote: > Hi All > > My first posting. > > Server version: Apache Tomcat/7.0.67 > JVM Version:1.7.0_131-mockbuild_2017_02_07_02_15-b00 > > A vulnerability scan has shown that tomcat doesn't apply httpOnly to some >

httpOnly issue

2017-03-08 Thread Pritchett, Mark S. (CONT)
Hi All My first posting. Server version: Apache Tomcat/7.0.67 JVM Version:1.7.0_131-mockbuild_2017_02_07_02_15-b00 A vulnerability scan has shown that tomcat doesn't apply httpOnly to some cookies. I need to determine if this can be 'corrected'. We're scanni

Re: HttpOnly

2012-06-13 Thread Pid
On 12/06/2012 15:11, Christopher Schultz wrote: > Paul, > > On 6/12/12 9:03 AM, Paul Singleton wrote: >> On 12/06/2012 06:57, Caldarale, Charles R wrote: >>>> From: N.s.Karthik [mailto:nskarthi...@gmail.com] Subject: >>>> HttpOnly >>> >>>

Re: HttpOnly

2012-06-12 Thread Christopher Schultz
Paul, On 6/12/12 9:03 AM, Paul Singleton wrote: > On 12/06/2012 06:57, Caldarale, Charles R wrote: >>> From: N.s.Karthik [mailto:nskarthi...@gmail.com] Subject: >>> HttpOnly >> >>> Tomcat 6.0.10 >> >>

Re: HttpOnly

2012-06-12 Thread Paul Singleton
On 12/06/2012 06:57, Caldarale, Charles R wrote: From: N.s.Karthik [mailto:nskarthi...@gmail.com] Subject: HttpOnly Tomcat 6.0.10 For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET. Sorry, but there is simply no excuse for using a version of Tomcat that's over

RE: HttpOnly

2012-06-12 Thread Caldarale, Charles R
> From: N.s.Karthik [mailto:nskarthi...@gmail.com] > Subject: HttpOnly > Tomcat 6.0.10 > For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET. Sorry, but there is simply no excuse for using a version of Tomcat that's over five years old. Note that

Re: HttpOnly

2012-06-12 Thread Konstantin Kolinko
2012/6/12 N.s.Karthik : > Hi > > Spec > JDK1.6 > Tomcat 6.0.10 > O/s Win / Linux(r-Hat) > Browser : Chrome 19.0.x / IE8 > > For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET. > > I have Googled / Yahooed for the same. "HttpOnly"

Re: HttpOnly

2012-06-12 Thread Pid *
'd be more worried about the slew of other bugs that have been found & fixed since 6.0.10 was released. p > I have Googled / Yahooed for the same. "HttpOnly" > > 1 form suggested to use Filters and set Cookie Headers as alternative for > Handling "HttpOnly

Re: HttpOnly

2012-06-11 Thread Satish Kumar Geddam
https://owasp.org/index.php/HttpOnly#Using_Java_to_Set_HttpOnly enjoy On Tue, Jun 12, 2012 at 10:27 AM, N.s.Karthik wrote: > Hi > > Spec > JDK1.6 > Tomcat 6.0.10 > O/s Win / Linux(r-Hat) > Browser : Chrome 19.0.x / IE8 > > For some specific Reason We use Tomcat 6.0.10

HttpOnly

2012-06-11 Thread N.s.Karthik
Hi Spec JDK1.6 Tomcat 6.0.10 O/s Win / Linux(r-Hat) Browser : Chrome 19.0.x / IE8 For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET. I have Googled / Yahooed for the same. "HttpOnly" 1 form suggested to use Filters and set Cookie Headers as alternative fo

Re: httponly cookies

2010-12-23 Thread Pid
On 23/12/2010 14:06, Venky Vasant wrote: > > My client application failing to read cookies set as httponly by .net server. > > what lines do i need add to read them and send it to the server. Please start a new email, rather than adding to or editing a reply to an existing

Re: httponly cookies

2010-12-23 Thread Konstantin Kolinko
2010/12/23 Venky Vasant : > Imagine my client application as browser, I am trying to read through a > cookies > for another web app which is hosted on .NET, which was all working fine and > now > cookies have httponly attribute which is actually new to me at this time 1.

Re: httponly cookies

2010-12-23 Thread Venky Vasant
Imagine my client application as browser, I am trying to read through a cookies for another web app which is hosted on .NET, which was all working fine and now cookies have httponly attribute which is actually new to me at this time but from what I went through over the net, these are more

Re: httponly cookies

2010-12-23 Thread Konstantin Kolinko
2010/12/23 Venky Vasant : > > My client application failing to read cookies set as httponly by .net server. > > what lines do i need add to read them and send it to the server. > 1. Do you know what "Httponly" means? (The basics) 2. What your application is? (What techno

httponly cookies

2010-12-23 Thread Venky Vasant
My client application failing to read cookies set as httponly by .net server. what lines do i need add to read them and send it to the server. Regards Venky