bobthecow / genghis

The single-file MongoDB admin app
http://genghisapp.com
MIT License
1.45k stars 165 forks

[Security]: Storing list of servers in a cookie might be dangerous #184

Open geezee opened 10 years ago

geezee commented 10 years ago

I noticed that the information (username, password, host, port) about every server I add is stored in a cookie.

Some browsers do not limit a cookie to a specific port, so theoretically the software I'm working on with my coworkers (running a clone locally on another port) could be sending the cookies I send to a remote test server and exposing my credentials in genghis_rb_servers. While it's usually safe, I think malicious software running on localhost could exploit this.

I suggest keeping this sensitive information in a session rather than in the cookie.
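The two points in the report, that cookie scope ignores the port and that the fix is to keep the server list server-side behind an opaque session id, are shown below as an added example. This is not Genghis code; the `CookieJar`, `ServerSessionStore`, `servers_cookie_value` and `servers_from_cookie` names, the cookie-matching rules (a simplified reading of RFC 6265 domain- and path-matching) and the sample server entry are all assumptions made for this illustration.

```ruby
# Added example (not Genghis code): why a cookie holding server credentials
# leaks across ports, and how an opaque session id keeps credentials off the
# client. All names and the sample data here are constructed for illustration.
require 'json'
require 'base64'
require 'securerandom'
require 'uri'

# --- Part 1: a toy cookie jar that follows RFC 6265 matching rules. ---
# Cookies are scoped by host and path only; the port is not part of the
# match, so http://localhost:3000 and http://localhost:4000 share cookies.
class CookieJar
  Cookie = Struct.new(:name, :value, :domain, :path)

  def initialize
    @cookies = []
  end

  def set(name, value, domain:, path: '/')
    @cookies << Cookie.new(name, value, domain.downcase, path)
  end

  # Cookies a browser would attach to a request for `url`.
  def cookies_for(url)
    uri  = URI(url)
    host = uri.host.downcase
    path = uri.path.empty? ? '/' : uri.path
    @cookies.select { |c| domain_match?(host, c.domain) && path_match?(path, c.path) }
  end

  private

  # RFC 6265 5.1.3 domain-match: exact host, or a subdomain of it. No port.
  def domain_match?(host, domain)
    host == domain || host.end_with?(".#{domain}")
  end

  # RFC 6265 5.1.4 path-match (simplified).
  def path_match?(request_path, cookie_path)
    return true if request_path == cookie_path
    return false unless request_path.start_with?(cookie_path)
    cookie_path.end_with?('/') || request_path[cookie_path.length] == '/'
  end
end

# --- Part 2: the two storage designs side by side. ---
# Vulnerable design: the whole server list (credentials included) is
# serialised into the cookie value, so anything that receives the cookie
# can read it back.
def servers_cookie_value(servers)
  Base64.strict_encode64(JSON.generate(servers))
end

def servers_from_cookie(value)
  JSON.parse(Base64.strict_decode64(value))
end

# Hardened design: the list stays in server memory, keyed by a random
# token; only that token goes into the cookie.
class ServerSessionStore
  def initialize
    @sessions = {}
  end

  # Returns the opaque token to place in the cookie (256 bits of entropy).
  def create(servers)
    token = SecureRandom.hex(32)
    @sessions[token] = servers
    token
  end

  # Returns the stored list, or nil for an unknown token.
  def fetch(token)
    @sessions[token]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: one server entry with a throwaway password.
  servers = [{ 'host' => 'db.example.test', 'port' => 27017,
               'user' => 'admin', 'password' => 'hunter2' }]
  jar = CookieJar.new
  jar.set('genghis_rb_servers', servers_cookie_value(servers), domain: 'localhost')
  # A request to a different port on the same host still carries the cookie.
  leaked = jar.cookies_for('http://localhost:4000/')
  puts "cookie sent to port 4000: #{leaked.size}"
  puts "recovered password: #{servers_from_cookie(leaked.first.value).first['password']}"
  token = ServerSessionStore.new.create(servers)
  puts "session cookie would only carry: #{token}"
end
```

The session token crosses ports just as the credential cookie did, so the hardened design does not change cookie scope; what it changes is what a recipient learns. A process on another localhost port that captures `genghis_rb_servers` in the first design reads every password directly, while in the second it holds a random identifier that is only meaningful to the Genghis process that issued it and that can be expired server-side.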