WebAppSec/Secure Coding Details

Revision as of 21:36, 10 November 2010 by Mcoates (talk | contribs)

Author

Michael Coates - mcoates [at] mozilla.com

Introduction

This document provides code examples and links to support the secure coding guidelines document.

Status

Layout

Session Management

Secure Flag

Django

Django provides built-in support for setting the Secure flag on the session ID cookie. By default Django does NOT set this flag, so the session cookie is also sent over plain HTTP unless the setting below is enabled.

Correct Setting:

SESSION_COOKIE_SECURE = True

http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-secure
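The following is an added example, not code from the wiki page or from Django itself. It shows two ways to verify the Secure flag: a static check of a Django-style settings dictionary (treating a missing SESSION_COOKIE_SECURE as the Django default, False), and a check of the Set-Cookie response header that the browser actually receives, which is the authoritative test. The settings dictionaries and Set-Cookie header strings are constructed for the example; the function names are assumptions.

```python
# Added example: verifying that the Django session cookie carries the Secure flag.
# Not part of the original wiki page or of Django. The settings dicts and
# Set-Cookie headers below are constructed sample data.
from http.cookies import SimpleCookie

# Constructed settings. The first mirrors Django's default (Secure flag off),
# the second is the corrected setting from the page above.
WEAK_SETTINGS = {"SESSION_COOKIE_NAME": "sessionid", "SESSION_COOKIE_SECURE": False}
FIXED_SETTINGS = {"SESSION_COOKIE_NAME": "sessionid", "SESSION_COOKIE_SECURE": True}


def settings_missing_secure(settings):
    """Return True if the session cookie is configured WITHOUT the Secure flag.

    A project that never sets SESSION_COOKIE_SECURE inherits Django's default
    of False, so an absent key counts as insecure rather than as "unknown".
    """
    return not settings.get("SESSION_COOKIE_SECURE", False)


def cookie_is_secure(set_cookie_header, cookie_name):
    """Parse one Set-Cookie header and report whether the named cookie has the
    Secure attribute. Returns None if that cookie is not present in the header.

    This is the check to run against a live response: the settings file says
    what was intended, the header says what the browser will actually enforce.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar.get(cookie_name)
    if morsel is None:
        return None
    # Morsel stores flag attributes as "" when absent and True when present.
    return bool(morsel["secure"])


def audit_session_cookie(settings, set_cookie_header):
    """Combine both checks into a list of human-readable findings (empty = OK)."""
    findings = []
    name = settings.get("SESSION_COOKIE_NAME", "sessionid")
    if settings_missing_secure(settings):
        findings.append("SESSION_COOKIE_SECURE is not True in settings")
    secure = cookie_is_secure(set_cookie_header, name)
    if secure is None:
        findings.append("session cookie %r not found in Set-Cookie header" % name)
    elif not secure:
        findings.append("Set-Cookie for %r lacks the Secure attribute" % name)
    return findings


if __name__ == "__main__":
    # Constructed headers: what a Django app emits with and without the setting.
    weak_header = "sessionid=abc123; Path=/; HttpOnly"
    fixed_header = "sessionid=abc123; Path=/; Secure; HttpOnly"
    print("weak :", audit_session_cookie(WEAK_SETTINGS, weak_header))
    print("fixed:", audit_session_cookie(FIXED_SETTINGS, fixed_header))
```

Running the module prints two findings for the weak configuration and an empty list for the fixed one. Because the header check reads the response rather than the source, it also catches the case where the setting is correct in one settings module but a different module (for example a local override) is the one actually deployed.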

Cross Domain / Unintended User Actions

Preventing CSRF

Preventing Malicious Site Framing (ClickJacking)