Good reminder that, if you need to display untrusted data, you don’t give it a subdomain of your main domain name. Yes, modern security mechanisms properly isolate subdomains from each other. But cookies aren’t modern, they are really ancient.

bergee.it/blog/turning-cookie-
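
Added example, not part of the original post: a simplified model of RFC 6265 cookie domain scoping. It shows why a subdomain serving untrusted content shares cookie scope with the main site while a separate registrable domain does not. The hostnames and the `acceptCookie` / `sentTo` helpers are constructed for illustration; the public-suffix check and path/expiry handling are omitted.

```javascript
// Added example: RFC 6265 domain scoping, simplified (no public-suffix check,
// no path/expiry handling). Hostnames below are constructed placeholders.

// RFC 6265 section 5.1.3: host matches domain if identical or a dot-separated suffix.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Decide whether a browser would accept a cookie set by `setterHost`.
// Returns the stored cookie record, or null when it is rejected.
function acceptCookie(setterHost, { name, domain = null, secure = false, path = null }) {
  if (name.startsWith("__Host-")) {
    // The __Host- prefix requires Secure, Path=/ and no Domain attribute.
    if (!secure || domain !== null || path !== "/") return null;
  }
  if (domain === null) {
    return { name, domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const d = domain.replace(/^\./, "").toLowerCase();
  // A host may name itself or any parent domain, never an unrelated host.
  if (!domainMatch(setterHost, d)) return null;
  return { name, domain: d, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function sentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

const UNTRUSTED = "usercontent.example.com";
const MAIN = "www.example.com";

// Same-site subdomain: the parent-scoped cookie reaches the main site.
const shared = acceptCookie(UNTRUSTED, { name: "session", domain: "example.com" });
// Separate registrable domain: the browser refuses the cookie outright.
const foreign = acceptCookie("usercontent.example.net", { name: "session", domain: "example.com" });
// __Host- cookie with a Domain attribute is rejected, so it cannot be widened.
const prefixed = acceptCookie(UNTRUSTED, { name: "__Host-session", domain: "example.com", secure: true, path: "/" });

console.log(sentTo(shared, MAIN), sentTo(foreign, MAIN), sentTo(prefixed, MAIN));
```
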

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.