Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider use of SameSite=Strict #16316

Closed
InterLinked1 opened this issue Aug 25, 2020 · 1 comment · Fixed by #16386
Closed

Consider use of SameSite=Strict #16316

InterLinked1 opened this issue Aug 25, 2020 · 1 comment · Fixed by #16386
Assignees
@williamdes
Labels
enhancement A feature request for improving phpMyAdmin has-pr An issue that has a pull request pending that may fix this issue. The pull request may be incomplete
Projects
Enhancements
Milestone
5.1.0

Comments

@InterLinked1
Copy link

phpMyAdmin currently uses HttpOnly and Secure parameters, but it could also benefit from using the new SameSite=Strict setting. As far as I know, the cookie does not need to be available to any other domain. Thus, it would not hurt to set this cookie security setting. Could also consider using the __Host prefix.

It's possible this may not be compatible with something in phpMyAdmin but my preliminary look into the matter leads me to believe that is not the case - just an idea for a slight security boost!
@williamdes williamdes added the enhancement A feature request for improving phpMyAdmin label Aug 25, 2020
@williamdes williamdes added this to Triage zone in Enhancements via automation Aug 25, 2020
@williamdes williamdes moved this from Triage zone to Code base in Enhancements Aug 25, 2020
@rajat315315 rajat315315 mentioned this issue Oct 6, 2020
Merged
6 tasks
@williamdes williamdes added the has-pr An issue that has a pull request pending that may fix this issue. The pull request may be incomplete label Oct 6, 2020
@williamdes williamdes added this to the 5.1.0 milestone Oct 6, 2020
@williamdes williamdes self-assigned this Nov 1, 2020
williamdes added a commit that referenced this issue Nov 1, 2020
@williamdes
Improve the documentation for #16316
ce6bd5b 
Signed-off-by: William Desportes <williamdes@wdes.fr>
williamdes added a commit that referenced this issue Nov 1, 2020
@williamdes
Add a ChangeLog entry for #16316
e1c05b3 
Signed-off-by: William Desportes <williamdes@wdes.fr>
Enhancements automation moved this from Code base to Done Nov 1, 2020
@williamdes
Copy link
Member

Hi @InterLinked1
We added a new configuration option that will be in the next release :)
See: #16386 (comment)

@MauricioFauth MauricioFauth mentioned this issue Jul 10, 2021
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 2, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@williamdes williamdes

Labels
enhancement A feature request for improving phpMyAdmin has-pr An issue that has a pull request pending that may fix this issue. The pull request may be incomplete
Projects
Enhancements
  
Done
Milestone
5.1.0
Development

Successfully merging a pull request may close this issue.

Use of SameSite=Strict rajat315315/phpmyadmin
2 participants
@williamdes @InterLinked1