How to set "secure" and "httpOnly" for the Plone __ac cookie?

Question

I have Plone 4.3.2 (Zope 2.13.21) installed. As mentioned in the documentation (http://plone.org/documentation/kb/securing-plone) cookies should be secure and httpOnly with Zope 2.12 or higher.

But if I log in as admin (or another user that is defined at zope-root) the __ac cookie is not secure and not httpOnly. If I log in as a user created in a site everything is fine. Is there a way to change this?

Recommended answer

First off, to set cookie settings in Plone:

  • Append /manage to your Plone site URL
  • Click "acl_users"
  • Click "session"
  • Click the "Properties" tab

Then, as for root login, it depends on where you log in.

Zope root does not implement a cookie plugin; it only logs in with basic auth. IMO, you should never have zope root accessible without first tunneling or using a VPN to get into it.

Finally, you can disable the credentials_basic_auth plugin from your plone site.
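
One way to confirm the result after changing the session plugin properties, as an added example that is not part of the original answer: the script below audits the headers of a login response for the `__ac` cookie flags and for a basic auth challenge. The function names and both sample responses are constructed for illustration.

```python
SESSION_COOKIE = "__ac"
REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Attribute names are case-insensitive; flags such as Secure carry no value.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response.

    Returns a list of findings; an empty list means nothing to report.
    """
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie_name, attrs = parse_set_cookie(value)
            if cookie_name != SESSION_COOKIE:
                continue
            for flag in REQUIRED_FLAGS:
                if flag not in attrs:
                    findings.append(f"{cookie_name} cookie is missing the {flag} flag")
        elif lname == "www-authenticate" and value.strip().lower().startswith("basic"):
            findings.append("response offers a basic auth challenge")
    return findings


# Constructed sample: login through the site's session plugin with both flags set.
SITE_LOGIN = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", '__ac="constructed-value"; Path=/; Secure; HTTPOnly'),
]

# Constructed sample: a response with a basic auth challenge and an unflagged cookie.
ROOT_LOGIN = [
    ("WWW-Authenticate", 'basic realm="Zope"'),
    ("Set-Cookie", '__ac="constructed-value"; Path=/'),
]

if __name__ == "__main__":
    for label, response in (("site", SITE_LOGIN), ("root", ROOT_LOGIN)):
        print(label, audit_response(response) or "ok")
```

To audit a live deployment, pass in the headers captured from your own login response over HTTPS.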
