[Catalog-sig] Fwd: readthedocs.org or packages.python.org?
Richard Jones
richard at python.org
Thu Feb 7 00:41:26 CET 2013
On 7 February 2013 09:55, Donald Stufft <donald.stufft at gmail.com> wrote:
> http://en.wikipedia.org/wiki/Session_fixation
>
> packages.python.org can set a .python.org cookie which www.python.org will
> read.
Damn, cookies are busted :-(
At least secure cookies are safe, right? Right? Ugh, probably not.
So the only real solution is the one you use, which is to set up the
unsafe content on a separate domain. Easy enough, even I can buy
domains ;-)
Richard
More information about the Catalog-SIG
mailing list