Oracle HttpOnly 和安全标志的 Apex 视图设置
[英]Oracle Apex view settings for HttpOnly and Secure flags
问题描述
Based on the link below, current version of Oracle Apex cookies supports or automatically set as HTTP-only
根据下面的链接,当前版本的 Oracle Apex cookies 支持或自动设置为仅 HTTP
https://community.oracle.com/tech/developers/discussion/4060471/httponly-and-secure-flags-in-session-cookie-and-all-cookies-for-oracle-apex-application https://community.oracle.com/tech/developers/discussion/4060471/httponly-and-secure-flags-in-session-cookie-and-all-cookies-for-oracle-apex-application
Now, we have security scanning which requires to provide evidence if the application is in HTTP-Only.现在,我们进行了安全扫描,如果应用程序仅使用 HTTP,则需要提供证据。 Is there a way I can view this?有没有办法可以查看这个? Or is there any legit documentation from Oracle that can be reference to support the statement on the link?或者是否有任何来自 Oracle 的合法文档可以参考以支持链接上的声明? My Oracle Apex 21.1.6我的 Oracle Apex 21.1.6
2 个解决方案
解决方案1
0 2021-11-22 17:13:18
Moreover, since JEE 6 it's also declaratively easy setting HttpOnly flag in a session cookie by applying the following configuration in the deployment descriptor WEB-INF/web.xml:此外,从 JEE 6 开始,通过在部署描述符 WEB-INF/web.xml 中应用以下配置,还可以轻松地在 session cookie 中设置 HttpOnly 标志:
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>
解决方案2
0 2021-12-07 13:28:05
This has been resolved after using Burp Suite - Application Security Testing Software .使用Burp Suite - 应用程序安全测试软件后,此问题已得到解决。 Rerun the process to Repeater, then yup, it shows there:将流程重新运行到Repeater,然后是的,它在那里显示:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.