gitorious.org Git - qt:qt.git/commit

author	Peter Hartmann <peter.hartmann@nokia.com>
	Fri, 19 Nov 2010 14:24:35 +0000 (15:24 +0100)
committer	Peter Hartmann <peter.hartmann@nokia.com>
	Wed, 5 Jan 2011 15:19:49 +0000 (16:19 +0100)
commit	0c07af230d016aab6e416ae57594189ab9953101
tree	8c43ecdf2c622a8f5a9a6ee5bb96a36b9c90e3c5	tree \| snapshot
parent	4836d809f5dc3fc9e978ef630c0e5c8847c171a7	commit \| diff

cookie jar code: enhance security by keeping track of effective TLDs

The problem was the following: According to the cookie RFC, domains must
have at least one dot in their name for setting a cookie (e.g. domain
example.com can set a cookie for ".example.com" but not for ".com").
The problem is: Following this rule, one could still set "supercookies"
for e.g. ".co.uk".
The solution is to generate a table from
http://publicsuffix.org which maintains a list of all "effective" TLDs
like e.g. ".co.uk".

Reviewed-by: Olivier Goffart
Task-number: QTBUG-14706

src/network/access/access.pri		diff \| blob \| history
src/network/access/qnetworkcookiejar.cpp		diff \| blob \| history
src/network/access/qnetworkcookiejar_p.h		diff \| blob \| history
src/network/access/qnetworkcookiejartlds_p.h	[new file with mode: 0644]	blob
src/network/access/qnetworkcookiejartlds_p.h.INFO	[new file with mode: 0644]	blob
tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp		diff \| blob \| history
util/network/cookiejar-generateTLDs/cookiejar-generateTLDs.pro	[new file with mode: 0644]	blob
util/network/cookiejar-generateTLDs/main.cpp	[new file with mode: 0644]	blob

6b46b7419a5aee9bd5fce67b7bfa8afe8e

RSS Atom