46 lines
1.2 KiB
Plaintext
46 lines
1.2 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
If you create a security-sensitive cookie in your JAVA code:
|
|
|
|
----
|
|
Cookie c = new Cookie(COOKIENAME, sensitivedata);
|
|
c.setSecure(false); // Sensitive: a security-ensitive cookie is created with the secure flag set to false
|
|
----
|
|
|
|
By default the https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setSecure(boolean)[``++secure++``] flag is set to _false:_
|
|
|
|
----
|
|
Cookie c = new Cookie(COOKIENAME, sensitivedata); // Sensitive: a security-sensitive cookie is created with the secure flag not defined (by default set to false)
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,java]
|
|
----
|
|
Cookie c = new Cookie(COOKIENAME, sensitivedata);
|
|
c.setSecure(true); // Compliant: the sensitive cookie will not be send during an unencrypted HTTP request thanks to the secure flag set to true
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|