[HTTPS-E Rulesets] 2ch.hk and bnw.im rulesets
Kagami Hiiragi
kagami at genshiken.org
Wed Dec 26 09:44:03 PST 2012
On 26.12.2012 20:53, Peter Eckersley wrote:
> This ruleset has some errors in it. When I run make:
Sorry, I really should have been tested it by myself, but I've just run
trivial-validate.py and it said that everything is ok.
> Also, please let me know how deeply you've tested these rulesets. If it's not
> very extensive, it's safer to not include the <securecookie> elements.
I use Firebug, it shows me that 2ch.hk uses __cfuuid cookie on .2ch.hk
domain and wakabastyle cookie on 2ch.hk domain. They are not secure so
this rule should fix it.
Although, site doesn't use login/password authentication (only service
cookies for things like style theme setting) so it seems like there is
no much harm in keeping them not secure.
About testing: simple day-to-day usage doesn't indicate that something
is wrong.
More information about the HTTPS-Everywhere-Rules
mailing list