[Seaside] Passing links around - a security issue?

Michel Bany michel.bany at gmail.com
Thu Jan 25 08:37:15 UTC 2007


On 24 Jan 2007, at 20:37 , Lukas Renggli wrote:

>> On the other hand, if this is a critical security issue, it might be
>> possible to navigate the object graph (session -> currentRequest ->
>> nativeRequest and so on) and get the peer's ip address and restrict
>> the session to that specific ip address.
>>
>> I must admit that this is just an idea to explore, I never tried it.
>
> Back in 2004 I implemented a decoration class called
> WASessionProtector to Seaside that does exactly that. Added around the
> root component, it remembers the IP from the first request and only lets
> subsequent requests pass that originate from the same IP. Of course this
> does not provide absolute security, but it is much more than doing
> nothing.

Cool! I just saw it in the base Seaside package and it is also in the
VW port.
However, I do not know if this works in VW. Has anyone tried it in
WebToolkit? In Swazoo?

Michel.
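
The check described in this thread, as an added example that is not part of the original messages and is not the WASessionProtector source: a Python sketch of a wrapper that remembers the peer IP of a session's first request and refuses later requests carrying the same session key from another address. The class and method names, the status codes, and the IPv4-mapped and IPv6 /64 handling are assumptions that go beyond what the thread states.

```python
import ipaddress


class SessionProtector:
    """Wraps a request handler, much as a decoration wraps a root component."""

    def __init__(self, handler, ipv6_prefix=64):
        self.handler = handler
        self.ipv6_prefix = ipv6_prefix  # assumption: treat one IPv6 /64 as one origin
        self.pinned = {}                # session key -> origin of the first request

    def origin_of(self, peer_ip):
        """Normalise the socket peer address (not a client-supplied header)."""
        ip = ipaddress.ip_address(peer_ip)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped         # ::ffff:a.b.c.d is the same IPv4 peer
        if ip.version == 6:
            return str(ipaddress.ip_network(f"{ip}/{self.ipv6_prefix}", strict=False))
        return str(ip)

    def handle(self, session_key, peer_ip, request):
        try:
            origin = self.origin_of(peer_ip)
        except ValueError:
            return 400, "unparseable peer address"
        # The first request pins the session; later ones must match it.
        if self.pinned.setdefault(session_key, origin) != origin:
            return 403, "session is bound to a different origin"
        return 200, self.handler(session_key, request)


def demo():
    """Constructed requests using documentation address ranges."""
    app = SessionProtector(lambda key, req: f"rendered {req} for {key}")
    requests = [
        ("s1", "192.0.2.10", "/"),          # first request pins s1
        ("s1", "192.0.2.10", "/next"),      # same peer: allowed
        ("s1", "198.51.100.7", "/next"),    # pasted link opened elsewhere: refused
        ("s1", "::ffff:192.0.2.10", "/"),   # same peer via a dual-stack socket
        ("s2", "2001:db8:0:1::a", "/"),     # first request pins s2 to its /64
        ("s2", "2001:db8:0:1::b", "/"),     # same /64: allowed
        ("s2", "2001:db8:0:2::a", "/"),     # different /64: refused
    ]
    return [app.handle(*r)[0] for r in requests]


if __name__ == "__main__":
    print(demo())
```

Clients that reach the server through the same NAT or proxy present the same peer address, so this check narrows who can reuse a passed-around link without eliminating it.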


