Hacker News

What's wrong with GitHub's solution? As I understand it, only insensitive stuff is available in the unencrypted session, while writes and sensitive stuff go via unsidejackable HTTPS. Stealing a read-only Facebook/Twitter session is much less critical, and allows for CDNs etc.



Can someone still sidejack a session and view a private repo?


The secure cookie is meant to prevent this.


Yes, I see this right in the post now. I completely overlooked that SSL was used for browsing private repositories.
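The two-cookie scheme the thread is talking about, as an added example (not GitHub's code and not from any commenter): a plain session cookie that the browser sends over both http and https, good only for public reads, and a second cookie carrying the `Secure` attribute, which the browser sends over https only and which the server requires for private reads and writes. Cookie names, token values and the in-memory session store are constructed for the demo; `CookieJar` is a deliberately minimal stand-in for a browser's handling of the `Secure` attribute.

```python
"""Two-tier session cookies: plain cookie for harmless reads, Secure cookie for
sensitive actions. Constructed example, not the code of any site discussed."""
import hmac
from http.cookies import SimpleCookie

# Constructed cookie names (assumptions, not real GitHub cookie names).
SESSION_COOKIE = "session"        # sent by the browser over http and https
SECURE_COOKIE = "session_secure"  # Secure attribute: browser sends it over https only

# Constructed server-side session store: session id -> (user, secure token)
SESSIONS = {}


def issue_cookies(session_id, secure_token):
    """Server side: return the Set-Cookie values for a fresh login.
    Both cookies are HttpOnly; only the second one is flagged Secure."""
    jar = SimpleCookie()
    jar[SESSION_COOKIE] = session_id
    jar[SESSION_COOKIE]["path"] = "/"
    jar[SESSION_COOKIE]["httponly"] = True
    jar[SECURE_COOKIE] = secure_token
    jar[SECURE_COOKIE]["path"] = "/"
    jar[SECURE_COOKIE]["httponly"] = True
    jar[SECURE_COOKIE]["secure"] = True
    return [morsel.OutputString() for morsel in jar.values()]


class CookieJar:
    """Minimal browser-side jar: remembers each cookie and its Secure flag."""

    def __init__(self):
        self.cookies = {}  # name -> (value, secure_flag)

    def store(self, set_cookie_values):
        for raw in set_cookie_values:
            parsed = SimpleCookie()
            parsed.load(raw)
            for name, morsel in parsed.items():
                self.cookies[name] = (morsel.value, bool(morsel["secure"]))

    def cookie_header(self, scheme):
        """The Cookie: header the browser would attach to a request over `scheme`."""
        parts = []
        for name, (value, secure) in self.cookies.items():
            if secure and scheme != "https":
                continue  # a Secure cookie never leaves the browser in the clear
            parts.append(f"{name}={value}")
        return "; ".join(parts)


def authorize(cookie_header, scheme, action):
    """Server side. `action` is 'public_read', 'private_read' or 'write'.
    Public reads need only the plain session; anything sensitive must arrive
    over https and carry the Secure cookie that matches the session."""
    parsed = SimpleCookie()
    parsed.load(cookie_header or "")
    sid = parsed[SESSION_COOKIE].value if SESSION_COOKIE in parsed else None
    if sid not in SESSIONS:
        return False
    if action == "public_read":
        return True
    if scheme != "https":
        return False  # sensitive actions are refused on plaintext connections
    _user, expected = SESSIONS[sid]
    presented = parsed[SECURE_COOKIE].value if SECURE_COOKIE in parsed else None
    return presented is not None and hmac.compare_digest(presented, expected)


def demo():
    """Scenario from the thread: an on-path observer copies the cookies from a
    plaintext request and replays them over https. Returns what each step yields."""
    sid, token = "sid-constructed", "secure-token-constructed"  # constructed values
    SESSIONS[sid] = ("alice", token)
    victim = CookieJar()
    victim.store(issue_cookies(sid, token))
    sniffed = victim.cookie_header("http")  # everything visible on the wire in the clear
    return {
        "sniffed_has_secure_cookie": SECURE_COOKIE in sniffed,
        "victim_private_over_https": authorize(victim.cookie_header("https"), "https", "private_read"),
        "replay_public_read": authorize(sniffed, "https", "public_read"),
        "replay_private_read": authorize(sniffed, "https", "private_read"),
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The point the demo makes concrete: the plaintext request only ever carries the plain session cookie, so a copy of it grants exactly what that cookie grants (public reads) and nothing more, while the victim's own https requests carry both cookies and reach private data. The same logic also refuses a sensitive action on an http request even if both cookies are somehow presented, which is the server-side half of the protection.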




