[Seaside] Advice on writing secure webapps from a scarred friend

Avi Bryant seaside@lists.squeakfoundation.org
Mon, 29 Jul 2002 18:36:53 -0700 (PDT)


On Mon, 29 Jul 2002, Tim Rowledge wrote:

> > - Use HTTP basic authentication (look for an earlier thread of yours about
> > auth ;-) so that the attacker has to be on the same machine and browser
> > session as the real user (problem: no way to log out except for quitting
> > the browser).
> OK, so far as I can tell I'm doing that - I copied code from your auth
> page example.

No, if you were using basic auth there wouldn't be a form to enter the
user/password; the browser would pop up a special window. See
IAAuthenticatedSession (this is what the /config app uses).
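
The server side of the exchange described above, as an added example that is not part of the original message and is not Seaside or IAAuthenticatedSession code. The realm, the credentials and the function names are constructed for illustration.

```python
import base64
import binascii
import hmac

REALM = "config"                       # constructed realm name
USERS = {"admin": "s3cret-example"}    # constructed credentials for the demo

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")   # password may contain ':'
    return (user, password) if sep else None

def handle(request_headers):
    """Return (status, response_headers, body) for one request."""
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        # Compare in constant time; still run a comparison for unknown users.
        ok = hmac.compare_digest(password.encode(), (expected or "").encode())
        if expected is not None and ok:
            return 200, {}, "hello " + user
    # No HTML form: this status/header pair is what makes the browser
    # open its own credential dialog and then resend the request.
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    return 401, challenge, "authentication required"

def browser_header(user, password):
    """What the browser sends on every later request to the realm."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

Because the browser keeps resending that header for the realm until it is closed, the server has no session of its own to end, which is the logout problem mentioned in the quoted text.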