Ticket #314 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

sending session cookies

Reported by: eadz
Owned by: matt
Priority: normal
Component: akismet
Severity: major
Keywords:
Cc:

Description

It was brought up on the Akismet mailing list that there was a problem, but matt said the contents of $_SERVER were useful. This is effectively a backdoor.

As it is included by default, I just thought people should know that it sends all the cookies for your whole domain (i.e. if you are logged into another application on your domain and make a comment on your blog, it will send these too).

Matt, I strongly suggest you don't send cookies to Akismet.com. As Dirk Haun wrote on the Akismet mailing list, there are privacy and security implications.

Change History

comment:1 Changed 6 years ago by matt

  • Status changed from new to closed
  • Resolution set to fixed

Fixed.
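
The concern in the description is that forwarding `$_SERVER` wholesale also forwards the Cookie header for the whole domain. As an added example (not Akismet's code and not the change made for this ticket), one way to strip credential-bearing entries from a copy of `$_SERVER` before it is sent to a third-party service; the function name, the key list and the sample request are assumptions.

```php
<?php
// Added example, not the plugin's code. Names and the key list are assumptions.

// $_SERVER entries that carry session state or credentials.
const SENSITIVE_SERVER_KEYS = [
    'HTTP_COOKIE', 'HTTP_COOKIE2', 'HTTP_AUTHORIZATION',
    'HTTP_PROXY_AUTHORIZATION', 'PHP_AUTH_USER', 'PHP_AUTH_PW', 'PHP_AUTH_DIGEST',
];

/**
 * Return [kept, dropped]: a copy of $server without sensitive entries,
 * and the names of the entries that were withheld.
 */
function scrub_server_vars(array $server): array
{
    $deny = array_flip(SENSITIVE_SERVER_KEYS);
    $kept = [];
    $dropped = [];
    foreach ($server as $key => $value) {
        $name = strtoupper((string) $key);
        // Withhold credential-bearing keys and anything that is not a plain value.
        if (isset($deny[$name]) || !is_scalar($value)) {
            $dropped[] = $key;
            continue;
        }
        $kept[$key] = (string) $value;
    }
    return [$kept, $dropped];
}

// Constructed request: the visitor is also logged into another application
// on the same domain, so its session cookie arrives with the comment post.
$sample = [
    'REMOTE_ADDR'        => '203.0.113.7',
    'HTTP_USER_AGENT'    => 'Mozilla/5.0 (constructed)',
    'HTTP_REFERER'       => 'https://blog.example/post/1',
    'HTTP_COOKIE'        => 'blog_session=aaaa; otherapp_session=bbbb',
    'HTTP_AUTHORIZATION' => 'Basic constructed-placeholder',
    'REQUEST_URI'        => '/comments/post',
];

[$payload, $dropped] = scrub_server_vars($sample);

// Body that would leave the server, and what stayed behind.
echo http_build_query($payload), "\n";
echo 'withheld: ', implode(', ', $dropped), "\n";
```

An allowlist of the few fields the remote service actually needs is stricter than this denylist, since headers added later are excluded by default.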
