SiteMinder Webagent : (ACO) parameter 'UseHTTPOnlyCookies' to protect against cross site scripting attacks

Article ID: 51256

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Description:

The Agent Configuration Object (ACO) parameter 'UseHTTPOnlyCookies' helps protect against cross-site scripting attacks by using the 'HTTP-Only' cookie attribute.

 

Environment

Policy Server Version: All Supported versions
Web Agent Version: 12.52.x.x and 12.8

Resolution

To help protect against cross-site scripting attacks, the user can set the HTTP-Only attribute on any cookies that the Web Agent creates by using the following parameter: UseHTTPOnlyCookies=Yes.

The HTTP-Only attribute specifies that a cookie cannot be accessed through script.
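
One way to confirm the parameter took effect is to inspect the Set-Cookie headers returned from a protected resource. The Python check below is an added example, not part of the original article or the product; the cookie names (SMSESSION, EXAMPLECOOKIE), the domain and the header values are constructed sample data.

```python
def parse_set_cookie(value):
    """Return (cookie_name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Everything after the first ';' is an attribute. Compare names only,
    # case-insensitively, so 'HttpOnly', 'httponly' and 'HTTPONLY' all match.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_httponly(headers):
    """Return the names of cookies that were set without the HttpOnly attribute.

    headers: list of (name, value) pairs, so repeated Set-Cookie headers survive.
    """
    missing = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(hvalue)
        if "httponly" not in attrs:
            missing.append(cookie)
    return missing


# Constructed sample responses (not captured from a real agent).
# The cookie value contains the text "HttpOnly" to show why a plain
# substring search over the header would give a false pass.
BEFORE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SMSESSION=tokHttpOnly123; path=/; domain=.example.com; secure"),
]
AFTER = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SMSESSION=tokHttpOnly123; path=/; domain=.example.com; secure; HttpOnly"),
    ("set-cookie", "EXAMPLECOOKIE=1; path=/; httponly"),
]

if __name__ == "__main__":
    print("before:", cookies_missing_httponly(BEFORE))
    print("after: ", cookies_missing_httponly(AFTER))
```
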

UseHTTPOnlyCookies