[Seaside] Advice on writing secure webapps from a scarred friend
Cees de Groot
seaside@lists.squeakfoundation.org
31 Jul 2002 03:21:04 +0200
Tim Rowledge <tim@sumeru.stanford.edu> said:
>Has anyone implemented HTTP Digest authorisation? I found the RFC 2617
>to be faintly intelligible, but not enough to feel like diving in
>myself.
How many browsers support it? Anyway, if you're halfway interested in
security, start putting your site behind an SSL server. Buy a couple of RSA
SecurID tokens. Follow my ideas about externally visible capabilities
(probably a breeze to implement in Seaside, Avi?). And that's in order of
effectiveness :-)
--
Cees de Groot http://www.cdegroot.com <cg@cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD 1986 F303 937F E098 9E8B
Cogito ergo evigilo