silverstripe-framework/security
Ingo Schommer 2700d73e97 ENHANCEMENT Limiting "alc_enc" cookie (remember login token) to httpOnly to reduce risk of information exposure through XSS
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86027 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:23:31 +00:00
..
Authenticator.php Merged changes from 2.3 branch 2009-02-01 23:49:53 +00:00
BasicAuth.php MINOR phpdoc documentation 2009-03-22 22:59:14 +00:00
ChangePasswordForm.php Merged changes from 2.3 branch 2009-02-01 23:49:53 +00:00
Group.php NOTFORMERGE: Merged 84085 from 2.3 2009-08-10 04:32:39 +00:00
LoginAttempt.php Merged from branches/2.3 2009-04-29 00:07:39 +00:00
LoginForm.php Merged from branches/nzct-trunk. Use 'svn log -c <changeset> -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField. 2008-10-08 02:00:12 +00:00
Member.php ENHANCEMENT Limiting "alc_enc" cookie (remember login token) to httpOnly to reduce risk of information exposure through XSS 2009-09-10 03:23:31 +00:00
MemberAuthenticator.php BUGFIX: MemberAuthenticator::authenticate() returns a member object or false, in keeping with the current docs. 2009-06-28 02:48:33 +00:00
MemberLoginForm.php ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database. 2009-09-10 03:01:46 +00:00
MemberPassword.php Merged changes from 2.3 branch 2009-02-01 23:49:53 +00:00
NZGovtPasswordValidator.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
PasswordValidator.php Updating queries to be more DB agnostic 2008-11-24 09:31:14 +00:00
Permission.php API CHANGE Removed Permission->listcodes(), use custom code 2009-09-10 01:54:15 +00:00
PermissionDropdownField.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
PermissionProvider.php MINOR Unified @package PHPdoc (added where missing, removed duplicates) 2008-06-15 13:33:53 +00:00
Security.php ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database. 2009-09-10 03:01:46 +00:00