summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/source/config.rst8
-rw-r--r--doc/source/encryption.rst3
-rw-r--r--doc/source/features.rst2
3 files changed, 7 insertions, 6 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index dfe2799..e9ee348 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -68,7 +68,7 @@ This configuration variable contains parameters that are used by multiple featur
68 sp.global.secret_key("44239bd400aa82e125337c9d4eb8315767411ccd"); 68 sp.global.secret_key("44239bd400aa82e125337c9d4eb8315767411ccd");
69 69
70- ``cookie_env_var``: A environment variable used as part of cookies encryption. 70- ``cookie_env_var``: A environment variable used as part of cookies encryption.
71 See the :ref:`relevant documentation <cookie-encryption-config>` 71 See the :ref:`relevant documentation <config_cookie-encryption>`
72 72
73Bugclass-killer features 73Bugclass-killer features
74------------------------ 74------------------------
@@ -107,7 +107,7 @@ It can either be ``enabled`` or ``disabled``.
107.. _config_global: 107.. _config_global:
108 108
109Prevent sloppy comparison 109Prevent sloppy comparison
110^^^^^^^^^^^^^^^^ 110^^^^^^^^^^^^^^^^^^^^^^^^^
111 111
112sloppy_comparison, disabled by default, will prevent php `type 112sloppy_comparison, disabled by default, will prevent php `type
113juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``) , preventing any bypass of a comparison. 113juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``) , preventing any bypass of a comparison.
@@ -133,11 +133,13 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m
133 sp.unserialize_hmac.enable(); 133 sp.unserialize_hmac.enable();
134 sp.unserialize_hmac.disable(); 134 sp.unserialize_hmac.disable();
135 135
136.. _config_cookie-encryption:
137
136Cookies-related mitigations 138Cookies-related mitigations
137^^^^^^^^^^^^^^^^^^^^^^^^^^^ 139^^^^^^^^^^^^^^^^^^^^^^^^^^^
138 140
139Since snuffleupagus is providing several hardening features for cookies, 141Since snuffleupagus is providing several hardening features for cookies,
140there is a :dedicated web page:`here <cookie-encryption-config>` about them. 142there is a dedicated web page :ref:`here <cookie-encryption-page>` about them.
141 143
142 144
143readonly_exec 145readonly_exec
diff --git a/doc/source/encryption.rst b/doc/source/encryption.rst
index 8ac6861..2b6ac9d 100644
--- a/doc/source/encryption.rst
+++ b/doc/source/encryption.rst
@@ -1,4 +1,4 @@
1.. _cookie-encryption-config: 1.. _cookie-encryption-page:
2 2
3Cookies 3Cookies
4======= 4=======
@@ -39,7 +39,6 @@ It can either be set to ``strict`` or ``lax``:
39 sp.cookie.name("cookie1").samesite("lax"); 39 sp.cookie.name("cookie1").samesite("lax");
40 sp.cookie.name("cookie2").samesite("strict");; 40 sp.cookie.name("cookie2").samesite("strict");;
41 41
42.. _cookie-encryption_config:
43 42
44Cookie encryption 43Cookie encryption
45""""""""""""""""" 44"""""""""""""""""
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 08ad3d4..e420156 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -71,7 +71,7 @@ Like *Suhosin*, we are encrypting the cookies with a secret key,
71an environment variable (usually the IP of the user) 71an environment variable (usually the IP of the user)
72and the user's user-agent. This means that an attacker with an XSS won't be able to use 72and the user's user-agent. This means that an attacker with an XSS won't be able to use
73the stolen cookie, since he can't spoof the content of the value of the environment 73the stolen cookie, since he can't spoof the content of the value of the environment
74variable for the user. Please do read the :ref:`documentation about this feature <cookie-encryption_config>` 74variable for the user. Please do read the :ref:`documentation about this feature <config_cookie-encryption>`
75if you're planning to use it. 75if you're planning to use it.
76 76
77This feature is roughly the same than the `Suhosin one <https://suhosin.org/stories/configuration.html#transparent-encryption-options>`_. 77This feature is roughly the same than the `Suhosin one <https://suhosin.org/stories/configuration.html#transparent-encryption-options>`_.