Consider use of SameSite=Strict #16316

Closed
InterLinked1 opened this issue Aug 25, 2020 · 1 comment · Fixed by #16386

Comments

@InterLinked1

phpMyAdmin currently uses HttpOnly and Secure parameters, but it could also benefit from using the new SameSite=Strict setting. As far as I know, the cookie does not need to be available to any other domain. Thus, it would not hurt to set this cookie security setting. Could also consider using the __Host prefix.

It's possible this may not be compatible with something in phpMyAdmin but my preliminary look into the matter leads me to believe that is not the case - just an idea for a slight security boost!

@williamdes williamdes added the enhancement A feature request for improving phpMyAdmin label Aug 25, 2020
@williamdes williamdes added this to Triage zone in Enhancements via automation Aug 25, 2020
@williamdes williamdes moved this from Triage zone to Code base in Enhancements Aug 25, 2020
@williamdes williamdes added the has-pr An issue that has a pull request pending that may fix this issue. The pull request may be incomplete label Oct 6, 2020
@williamdes williamdes added this to the 5.1.0 milestone Oct 6, 2020
@williamdes williamdes self-assigned this Nov 1, 2020
williamdes added a commit that referenced this issue Nov 1, 2020
Signed-off-by: William Desportes <williamdes@wdes.fr>
williamdes added a commit that referenced this issue Nov 1, 2020
Signed-off-by: William Desportes <williamdes@wdes.fr>
Enhancements automation moved this from Code base to Done Nov 1, 2020
@williamdes
Member

Hi @InterLinked1
We added a new configuration option that will be in the next release :)
See: #16386 (comment)
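
The attributes requested in this issue can be checked on any response with a short audit of the `Set-Cookie` header. The following is an added example, not part of the thread and not phpMyAdmin code; the cookie name `pma_session`, the host `db.example.test` and all header values are constructed for illustration, and the prefix is written `__Host-` as browsers expect it.

```python
# Added example: audit Set-Cookie header values for the attributes named in the issue.
# All cookie names and header values here are constructed for illustration.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Return a list of findings; an empty list means every check passed."""
    name, attrs = parse_set_cookie(header)
    findings = []
    for flag in ("Secure", "HttpOnly"):
        if flag.lower() not in attrs:
            findings.append("missing " + flag)
    samesite = attrs.get("samesite", "")
    if samesite.lower() != "strict":
        findings.append("SameSite is " + (samesite or "unset") + ", expected Strict")
    # Browsers only accept a __Host- cookie that is Secure, has Path=/ and no Domain.
    if name.startswith("__Host-"):
        if attrs.get("path") != "/":
            findings.append("__Host- prefix requires Path=/")
        if "domain" in attrs:
            findings.append("__Host- prefix forbids Domain")
    else:
        findings.append("name lacks the __Host- prefix")
    return findings


SAMPLES = {  # constructed header values
    "current": "pma_session=abc123; path=/pma/; secure; HttpOnly",
    "hardened": "__Host-pma_session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "bad_prefix": "__Host-pma_session=abc123; Path=/pma/; Domain=db.example.test; "
                  "Secure; HttpOnly; SameSite=Lax",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, audit_cookie(header) or "ok")
```

Two deployment consequences follow from these rules: a `__Host-` cookie must use `Path=/`, so it is sent to every path on that host, and `SameSite=Strict` withholds the cookie on navigation from another site, so a link followed from elsewhere arrives without the session.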
