[Seaside] Session (in)security?

Colin Putney cputney at wiresong.ca
Thu Jun 15 20:28:20 UTC 2006


On Jun 15, 2006, at 2:07 PM, Boris Popov wrote:

> Fair enough of a question. Here's one stab at the least
> argument-provoking answer :)
>
> If somebody stands over my shoulder, the password fields are
> (typically) masked (*****) whereas the address bar of the browser
> isn't.

Well, if you want to password protect your app, you can do that. If  
you want to rely on capability security with session keys, you have  
to be careful about distributing the capability. Seaside gives you a  
range of options for managing the security of your apps. What's wrong  
with that?

Colin

