Cookie security for nginx
Richard Stanway
r1ch+nginx at teamliquid.net
Tue Oct 10 11:04:18 UTC 2017
This is something you should fix on whatever application is setting the
cookie. It probably isn't nginx.
On Tue, Oct 10, 2017 at 10:04 AM, Johann Spies <jspies at sun.ac.za> wrote:
> A security scan on our server showed :
>
> Vulnerability Detection Method
> Details: SSL/TLS:
> Missing `secure` Cookie Attribute
> OID:1.3.6.1.4.1.25623.1.0.902661
> Version used:
> $Revision: 5543
>
> This is on Debian 8.9. and nginx 1.6.2-5+deb8u5.
>
> I am uncertain on how to fix this using standard debian packages.
>
> Can you help me fixing this please?
>
> Regards
> Johann
>
>
> --
> Johann Spies Telefoon: 021-808 4699
> Databestuurder / Data manager Faks: 021-883 3691
>
> Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie
> Centre for Research on Evaluation, Science and Technology
> Universiteit Stellenbosch.
>
> The integrity and confidentiality of this email is governed by these terms
> / Hierdie terme bepaal die integriteit en vertroulikheid van hierdie epos.
> http://www.sun.ac.za/emaildisclaimer
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20171010/a02eee95/attachment-0001.html>
More information about the nginx
mailing list