Skip to Content
author's profile photo Former Member
Former Member

Set Infoview cookies as "Secure"

Hi guys,

one of our high-profile customers is performing a security test on their BO XI 3.0 environment and receive a red flag for the cookies generated by Infoview not marked as secure:

"cookies issued by the application authentication process where not marked as secure. By marking a cookie as secure, a web browser will not leak the cookie over an insecure channel. It is recommended that, where possible, cookies be marked secure."

Moreover, they receive a warning stating that

"cookies issued by the application authentication process did not have a path set. By setting a path on a cookie, then that cookies exposure can be restricted to within the scope of the application. It is recommended that, where possible, the application be modified to set a path on all cookies."

This behaviour is reproducible on a standard HTTPS deployment of BO XI 3. Can it be changed through configuration?

An example for a cookie not set to Secure, valid for 365 days and path / is InfoViewPLATFORMSVC_COOKIE_CMS

Any suggestions would be much appreaciated.

Michael

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Feb 26, 2009 at 02:56 PM

    Hi Mike,

    I recommend to post this query to the [BusinessObjects Enterprise Administration|BI Platform; forum.

    Best regards,

    Falk

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.