[Seaside] Session (in)security?

Colin Putney cputney at wiresong.ca
Thu Jun 15 20:28:20 UTC 2006

On Jun 15, 2006, at 2:07 PM, Boris Popov wrote:

> Fair enough of a question. Here's one stab at the least argument- 
> provoking
> answer :)
> If somebody stands over my shoulder, the password fields are  
> (typically)
> masked (*****) whereas the address bar of the browser isn't.

Well, if you want to password protect your app, you can do that. If  
you want to rely on capability security with session keys, you have  
to be careful about distributing the capability. Seaside gives you a  
range of options for managing the security of your apps. What's wrong  
with that?


More information about the Seaside mailing list