[Seaside] Passing links around - a security issue?

Lukas Renggli renggli at gmail.com
Wed Jan 24 19:37:31 UTC 2007


> On the other hand, if this is a critical security issue, it might be
> possible
> to navigate the object graph (session -> currentRequest -> nativeRequest
> and so on)
> and get the peer's ip address and restrict the session to that specific
> ip address.
>
> I must admit that this is just an idea to explore, I never tried it.

Back in 2004 I implemented a decoration class called
WASessionProtector for Seaside that does exactly that. Added around the
root component, it remembers the IP from the first request and only lets
subsequent requests pass that originate from the same IP. Of course this
does not provide absolute security, but it is much more than doing
nothing.

Cheers,
Lukas

-- 
Lukas Renggli
http://www.lukas-renggli.ch
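An added example, not code from the thread or from Seaside itself: the session-to-IP binding that the WASessionProtector decoration described above performs, modelled in Python over constructed requests. The names `SessionProtector`, `client_ip` and `TRUSTED_PROXIES` and the handling of X-Forwarded-For are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed: the only reverse proxy whose X-Forwarded-For header we believe.
TRUSTED_PROXIES = {"10.0.0.1"}


@dataclass
class Request:
    session_id: str
    peer_ip: str                          # TCP peer address as seen by the server
    forwarded_for: Optional[str] = None   # X-Forwarded-For header, if present


@dataclass
class Session:
    id: str
    bound_ip: Optional[str] = None        # remembered from the first request
    rejections: int = 0


def client_ip(req: Request) -> str:
    # Honour X-Forwarded-For only when the direct peer is a proxy we control;
    # any client can set the header itself, so trusting it blindly would let a
    # stolen session URL claim the original user's address.
    if req.peer_ip in TRUSTED_PROXIES and req.forwarded_for:
        return req.forwarded_for.split(",")[0].strip()
    return req.peer_ip


class SessionProtector:
    """Binds each session to the client IP of its first request (assumed design)."""

    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}

    def handle(self, req: Request) -> str:
        s = self.sessions.setdefault(req.session_id, Session(req.session_id))
        ip = client_ip(req)
        if s.bound_ip is None:
            s.bound_ip = ip               # first request: remember the origin
            return "ok"
        if ip != s.bound_ip:
            s.rejections += 1             # count for logging/alerting; reject
            return "rejected"
        return "ok"
```

The limits Lukas mentions show up directly: a second party behind the same NAT or proxy as the bound IP still passes, and a legitimate user whose address changes mid-session is rejected.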

