After a recent security penetration test on a website featuring Community Builder and GroupJive, we have been asked to ensure our cookies are set to HttpOnly and also Secure.
The one CB cookie that was highlighted was cbrvs.
Does anyone know if either this can be set, or indeed needs to be set to HttpOnly and Secure?
Our entire site is already on HTTPS so I understand the Secure setting would work, but I'm afraid I've no idea what information this cookie holds and so have no idea if it even needs to be messed with.
Any advice or information would be a great help and much appreciated.
There are no parameters to set the secure or http only settings for CB's cookies. They're simply antispam cookies and there's no reason to mark them secure or http only. If you still want to set those then you'll have to modify core files. Specifically in the below file.
You'll need to modify the CBCookie::setcookie usage for cbGetRegAntiSpamInputTag and cbGetAntiSpamInputTag functions.
Kyle (Krileon), Community Builder Team Member