baikal

History

Frederic Hemberger 1896af0a45 Improve application security - Make session cookies only available via HTTP (prevent access from JavaScript) - only log PHP errors instead of displaying them in production. Displaying errors may give attackers hints how to exploit the application Set HTTP headers: X-Frame-Options: DENY Prevent Clickjacking attacks, see: http://en.wikipedia.org/wiki/Clickjacking X-Content-Type-Options: nosniff Prevent code injection via mime type sniffing Former-commit-id: `4ca925874c`	2014-01-21 16:14:47 +01:00
..
install	Improve application security	2014-01-21 16:14:47 +01:00
index.php	Improve application security	2014-01-21 16:14:47 +01:00

Frederic Hemberger 1896af0a45 Improve application security

- Make session cookies only available via HTTP (prevent access from JavaScript)
- only log PHP errors instead of displaying them in production.
  Displaying errors may give attackers hints how to exploit the application

Set HTTP headers:

X-Frame-Options: DENY
Prevent Clickjacking attacks, see: http://en.wikipedia.org/wiki/Clickjacking

X-Content-Type-Options: nosniff
Prevent code injection via mime type sniffing

Former-commit-id: 4ca925874c

2014-01-21 16:14:47 +01:00

install Improve application security 2014-01-21 16:14:47 +01:00

index.php Improve application security 2014-01-21 16:14:47 +01:00