[Seaside] Session (in)security?
ramonleon at cox.net
Sat Jun 17 00:58:49 UTC 2006
> Right, so why not pick the least evil of the two? There isn't a perfect
> security model out there, but given the choice of a cookie and plain text
> url I'd go for cookie 10 times out of 10.
A cookie is plain text as well, and no more secure than the url.
Seaside's default prevents it from requiring cookies, a sensible default
considering many people's irrational fear of cookies and disabling of
such. It's hardly a cut and dried case that a cookie is less "evil" than
the url; many think otherwise.