[Seaside] Session (in)security?

Boris Popov boris at deepcovelabs.com
Thu Jun 15 17:58:13 UTC 2006


Okay, no harm using both though, is there? Could someone else chime in with
their experience with using cookies for session tracking please? I can't
imagine *anyone* passing the session key in the URL in their deployed
applications unless I'm missing something...

Thanks!

-Boris

-- 
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5

boris at deepcovelabs.com


-----Original Message-----
From: seaside-bounces at lists.squeakfoundation.org
[mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of David
Shaffer
Sent: Thursday, June 15, 2006 10:50 AM
To: The Squeak Enterprise Aubergines Server - general discussion.
Subject: Re: [Seaside] Session (in)security?

Boris Popov wrote:

>Ah!
>
>application preferenceAt: #useSessionCookie put: true
>
>Me wonders why this isn't on by default, we almost deployed with this being
>false...
>
>Cheers!
>
>-Boris
>
>  
>
You can also

initialize
    super initialize.
    self addDecoration: WASessionProtector new

in your root component.  WASessionProtector checks to make sure that
requests come from the same IP address as the original request.  Doesn't
do much good if two requests come from different users behind the same
proxy though.  I use this scheme because AFAIK there are still some
problems with session cookies....maybe they've been fixed though.

David
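
The same-IP check described above, and its shared-proxy limitation, modelled as an added example in Python. This is not Seaside's or WASessionProtector's code and not part of the original thread; the class and function names, the `_s` URL parameter and the addresses are assumptions made for illustration.

```python
import secrets
from urllib.parse import parse_qs, urlparse


class SessionStore:
    """Toy session table; bind_to_ip=True models a same-IP check."""

    def __init__(self, bind_to_ip):
        self.bind_to_ip = bind_to_ip
        self.sessions = {}  # session key -> {"user": ..., "ip": ...}

    def login(self, user, client_ip):
        key = secrets.token_urlsafe(16)
        self.sessions[key] = {"user": user, "ip": client_ip}
        return key

    def resolve(self, key, client_ip):
        """Return the session's user, or None if the request is rejected."""
        session = self.sessions.get(key)
        if session is None:
            return None
        if self.bind_to_ip and session["ip"] != client_ip:
            return None  # key presented from a different address
        return session["user"]


def key_from_url(url):
    """Anyone holding a copy of the URL (pasted link, Referer, proxy log)
    holds the key. The parameter name _s is an assumption of this sketch."""
    return parse_qs(urlparse(url).query)["_s"][0]


def replay_outcomes():
    """Present a copied URL key from two addresses, with and without the check."""
    proxy_ip, other_ip = "192.0.2.10", "198.51.100.7"  # constructed (RFC 5737)
    outcomes = {}
    for bind in (False, True):
        store = SessionStore(bind_to_ip=bind)
        key = store.login("alice", proxy_ip)
        copied = key_from_url(f"https://app.example/shop?_s={key}")
        outcomes[bind] = {
            "other_network": store.resolve(copied, other_ip),
            "same_proxy": store.resolve(copied, proxy_ip),
        }
    return outcomes


if __name__ == "__main__":
    for bind, result in replay_outcomes().items():
        print("same-IP check on:" if bind else "same-IP check off:", result)
```

With the check on, the copied key is refused from another network but still accepted from the shared proxy address, which is the gap that keeping the key out of the URL is meant to close.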
