[sleuthkit-users] Autopsy Cookies

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

One more survey question for v2.  The default behavior of autopsy is 
currently to have the random cookie in the URL, which is there to 
prevent unauthorized viewing from the host that has been specified 
(localhost by default).  You can skip the cookie with '-C' or by 
editing the 'conf.pl' file (which I usually do).  I'm assuming that 
most people use autopsy on a single user system with localhost and 
therefore the cookie is not needed and it  becomes annoying.

Therefore, I propose to, by default, not use a cookie if the "remote" 
host is 'localhost' or 127.0.0.1.  All other hosts will use a cookie 
and there will be a '-c' flag to force a cookie for multiuser localhost 
environments.  The '-C' flag will still exist to force no cookies for 
the remote host scenario.   I'm also looking into adding an SSL Perl 
module so that a remote connection can be easily encrypted.

Any problems with this plan?

brian