Smalltalk Cincom VisualWorks

[vwnc] [7.6] Detected unrecognized cookie attribute: HttpOnly

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Boris Popov, DeepCove Labs (SNN)
Reply | Threaded
Open this post in threaded view
|

[vwnc] [7.6] Detected unrecognized cookie attribute: HttpOnly

Boris Popov, DeepCove Labs (SNN)
It would be awefully nice if HttpClient didn't suddenly blow up with an
error when it encountered cookie attributes it wasn't trained to
recognize or at least used a non-generic error class that one could put
a handler around...

Thanks,

-Boris

--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5
http://tinyurl.com/r7uw4

[hidden email]

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message
header. Unless otherwise indicated, it contains information that is
private and confidential. If you have received it in error, please
notify the sender and delete the entire message including any
attachments.

Thank you.

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

stack.txt (71K) Download Attachment
Boris Popov, DeepCove Labs (SNN)
Reply | Threaded
Open this post in threaded view
|

Re: [vwnc] [7.6] Detected unrecognized cookie attribute: HttpOnly

Boris Popov, DeepCove Labs (SNN)
Robustness Principle (known otherwise as Postel's Law): Be conservative
in what you do; be liberal in what you accept from others.

http://en.wikipedia.org/wiki/Postel%27s_law

-Boris

--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5
http://tinyurl.com/r7uw4

[hidden email]

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message
header. Unless otherwise indicated, it contains information that is
private and confidential. If you have received it in error, please
notify the sender and delete the entire message including any
attachments.

Thank you.

> -----Original Message-----
> From: Boris Popov
> Sent: Thursday, August 07, 2008 5:19 PM
> To: VWNC
> Subject: [7.6] Detected unrecognized cookie attribute: HttpOnly
>
> It would be awefully nice if HttpClient didn't suddenly blow up with
an
> error when it encountered cookie attributes it wasn't trained to
recognize
> or at least used a non-generic error class that one could put a
handler

> around...
>
> Thanks,
>
> -Boris
>
> --
> +1.604.689.0322
> DeepCove Labs Ltd.
> 4th floor 595 Howe Street
> Vancouver, Canada V6C 2T5
> http://tinyurl.com/r7uw4
>
> [hidden email]
>
> CONFIDENTIALITY NOTICE
>
> This email is intended only for the persons named in the message
> header. Unless otherwise indicated, it contains information that is
> private and confidential. If you have received it in error, please
> notify the sender and delete the entire message including any
> attachments.
>
> Thank you.

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Joerg Beekmann, DeepCove Labs (YVR)
Reply | Threaded
Open this post in threaded view
|

Re: [vwnc] [7.6] Detected unrecognized cookie attribute: HttpOnly

Joerg Beekmann, DeepCove Labs (YVR)
In reply to this post by Boris Popov, DeepCove Labs (SNN)
Further to this here is a description of the httponly cookie flag;
http://www.owasp.org/index.php/HTTPOnly.

We addressed the problem by making the processUnknownParam:value: method
a no-op via an override. As Boris points out we can't see any reason to
be so draconian as to throw an error, notification perhaps. Throwing an
error means, as happened in our case, application will fail as soon as
the server on the other side starts supplying an "unknown parameter".

Joerg

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On
Behalf
> Of Boris Popov
> Sent: Thursday, August 07, 2008 5:19 PM
> To: VWNC
> Subject: [vwnc] [7.6] Detected unrecognized cookie attribute: HttpOnly
>
> It would be awefully nice if HttpClient didn't suddenly blow up with
an
> error when it encountered cookie attributes it wasn't trained to
> recognize or at least used a non-generic error class that one could
put

> a handler around...
>
> Thanks,
>
> -Boris
>
> --
> +1.604.689.0322
> DeepCove Labs Ltd.
> 4th floor 595 Howe Street
> Vancouver, Canada V6C 2T5
> http://tinyurl.com/r7uw4
>
> [hidden email]
>
> CONFIDENTIALITY NOTICE
>
> This email is intended only for the persons named in the message
> header. Unless otherwise indicated, it contains information that is
> private and confidential. If you have received it in error, please
> notify the sender and delete the entire message including any
> attachments.
>
> Thank you.

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Kogan, Tamara
Reply | Threaded
Open this post in threaded view
|

Re: [vwnc] [7.6] Detected unrecognized cookie attribute: HttpOnly

Kogan, Tamara
In reply to this post by Boris Popov, DeepCove Labs (SNN)
Created
54909: "[7.6] Detected unrecognized cookie attribute: HttpOnly"

Thanks,

Tamara Kogan
Smalltalk development,
Cincom Systems

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On
Behalf
> Of Boris Popov
> Sent: Thursday, August 07, 2008 8:23 PM
> To: VWNC
> Subject: Re: [vwnc] [7.6] Detected unrecognized cookie attribute:
HttpOnly
>
> Robustness Principle (known otherwise as Postel's Law): Be
conservative

> in what you do; be liberal in what you accept from others.
>
> http://en.wikipedia.org/wiki/Postel%27s_law
>
> -Boris
>
> --
> +1.604.689.0322
> DeepCove Labs Ltd.
> 4th floor 595 Howe Street
> Vancouver, Canada V6C 2T5
> http://tinyurl.com/r7uw4
>
> [hidden email]
>
> CONFIDENTIALITY NOTICE
>
> This email is intended only for the persons named in the message
> header. Unless otherwise indicated, it contains information that is
> private and confidential. If you have received it in error, please
> notify the sender and delete the entire message including any
> attachments.
>
> Thank you.
>
> > -----Original Message-----
> > From: Boris Popov
> > Sent: Thursday, August 07, 2008 5:19 PM
> > To: VWNC
> > Subject: [7.6] Detected unrecognized cookie attribute: HttpOnly
> >
> > It would be awefully nice if HttpClient didn't suddenly blow up with
> an
> > error when it encountered cookie attributes it wasn't trained to
> recognize
> > or at least used a non-generic error class that one could put a
> handler
> > around...
> >
> > Thanks,
> >
> > -Boris
> >
> > --
> > +1.604.689.0322
> > DeepCove Labs Ltd.
> > 4th floor 595 Howe Street
> > Vancouver, Canada V6C 2T5
> > http://tinyurl.com/r7uw4
> >
> > [hidden email]
> >
> > CONFIDENTIALITY NOTICE
> >
> > This email is intended only for the persons named in the message
> > header. Unless otherwise indicated, it contains information that is
> > private and confidential. If you have received it in error, please
> > notify the sender and delete the entire message including any
> > attachments.
> >
> > Thank you.
>
> _______________________________________________
> vwnc mailing list
> [hidden email]
> http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Free forum by Nabble Edit this page