hi,
the security scan of my server returned:
Summary
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, there are instances where the application is running over unencrypted HTTP or the cookies are not marked 'secure', meaning the browser could send them back over an unencrypted link under certain circumstances. As a result, it may be possible for a remote attacker to intercept these cookies.
The following cookie does do not have the Secure cookie flag:
Cookie name: pmaCookieVer, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: pma_lang, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: pma_collation_connection, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: phpMyAdmin, Path: /phpMyAdmin/, Secure Flag: 0
Where should I update the configuration? Also, can you please ensure to add it to standard Custombuild package?
regards
the security scan of my server returned:
Summary
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, there are instances where the application is running over unencrypted HTTP or the cookies are not marked 'secure', meaning the browser could send them back over an unencrypted link under certain circumstances. As a result, it may be possible for a remote attacker to intercept these cookies.
The following cookie does do not have the Secure cookie flag:
Cookie name: pmaCookieVer, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: pma_lang, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: pma_collation_connection, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: phpMyAdmin, Path: /phpMyAdmin/, Secure Flag: 0
Where should I update the configuration? Also, can you please ensure to add it to standard Custombuild package?
regards