diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2010-11-19 15:24:35 +0100 |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-01-05 16:19:49 +0100 |
commit | 0c07af230d016aab6e416ae57594189ab9953101 (patch) | |
tree | 8c43ecdf2c622a8f5a9a6ee5bb96a36b9c90e3c5 /src/network/access/qnetworkcookiejartlds_p.h.INFO | |
parent | 4836d809f5dc3fc9e978ef630c0e5c8847c171a7 (diff) |
cookie jar code: enhance security by keeping track of effective TLDs
The problem was the following: According to the cookie RFC, domains must
have at least one dot in their name for setting a cookie (e.g. domain
example.com can set a cookie for ".example.com" but not for ".com").
The problem is: Following this rule, one could still set "supercookies"
for e.g. ".co.uk".
The solution is to generate a table from
http://publicsuffix.org which maintains a list of all "effective" TLDs
like e.g. ".co.uk".
Reviewed-by: Olivier Goffart
Task-number: QTBUG-14706
Diffstat (limited to 'src/network/access/qnetworkcookiejartlds_p.h.INFO')
-rw-r--r-- | src/network/access/qnetworkcookiejartlds_p.h.INFO | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookiejartlds_p.h.INFO b/src/network/access/qnetworkcookiejartlds_p.h.INFO new file mode 100644 index 0000000000..57a8d0e0cc --- /dev/null +++ b/src/network/access/qnetworkcookiejartlds_p.h.INFO @@ -0,0 +1,17 @@ +The file qnetworkcookiejartlds_p.h is generated from the Public Suffix +List (see [1] and [2]), by the program residing at +util/network/cookiejar-generateTLDs in the Qt source tree. + +That program generates a character array and an index array from the +list to provide fast lookups of elements within C++. + +Those arrays in qnetworkcookiejartlds_p.h are derived from the Public +Suffix List ([2]), which was originally provided by +Jo Hermans <jo.hermans@gmail.com>. + +The file qnetworkcookiejartlds_p.h was last generated Friday, +November 19th 15:24 2010. + +---- +[1] list: http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1 +[2] homepage: http://publicsuffix.org/ |