cookie jar code: enhance security by keeping track of effective TLDs
authorPeter Hartmann <peter.hartmann@nokia.com>
Fri, 19 Nov 2010 14:24:35 +0000 (15:24 +0100)
committerPeter Hartmann <peter.hartmann@nokia.com>
Wed, 5 Jan 2011 15:19:49 +0000 (16:19 +0100)
commit0c07af230d016aab6e416ae57594189ab9953101
tree8c43ecdf2c622a8f5a9a6ee5bb96a36b9c90e3c5
parent4836d809f5dc3fc9e978ef630c0e5c8847c171a7
cookie jar code: enhance security by keeping track of effective TLDs

The problem was the following: According to the cookie RFC, domains must
have at least one dot in their name for setting a cookie (e.g. domain
example.com can set a cookie for ".example.com" but not for ".com").
The problem is: Following this rule, one could still set "supercookies"
for e.g. ".co.uk".
The solution is to generate a table from
http://publicsuffix.org which maintains a list of all "effective" TLDs
like e.g. ".co.uk".

Reviewed-by: Olivier Goffart
Task-number: QTBUG-14706
src/network/access/access.pri
src/network/access/qnetworkcookiejar.cpp
src/network/access/qnetworkcookiejar_p.h
src/network/access/qnetworkcookiejartlds_p.h [new file with mode: 0644]
src/network/access/qnetworkcookiejartlds_p.h.INFO [new file with mode: 0644]
tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
util/network/cookiejar-generateTLDs/cookiejar-generateTLDs.pro [new file with mode: 0644]
util/network/cookiejar-generateTLDs/main.cpp [new file with mode: 0644]