[Seaside] Passing links around - a security issue?
boris at deepcovelabs.com
Thu Jan 25 09:40:23 UTC 2007
(Sent from a BlackBerry)
----- Original Message -----
From: seaside-bounces at lists.squeakfoundation.org <seaside-bounces at lists.squeakfoundation.org>
To: The Squeak Enterprise Aubergines Server - general discussion. <seaside at lists.squeakfoundation.org>
Sent: Thu Jan 25 00:37:15 2007
Subject: Re: [Seaside] Passing links around - a security issue?
On 24 Jan 2007, at 20:37, Lukas Renggli wrote:
>> On the other hand, if this is a critical security issue, it might be
>> to navigate the object graph (session -> currentRequest ->
>> and so on)
>> and get the peer's ip address and restrict the session to that
>> ip address.
>> I must admit that this is just an idea to explore, I never tried it.
> Back in 2004 I implemented a decoration class called
> WASessionProtector to Seaside that does exactly that. Added around the
> root component it remembers the IP from the first request and only lets
> subsequent requests pass that originate from the same IP. Of course this
> does not provide absolute security, but it is much more than doing
Cool! I just saw it in the base Seaside package and it is also in the
However I do not know if this works in VW. Has anyone tried it in
Seaside mailing list
Seaside at lists.squeakfoundation.org
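The IP-pinning check described in the thread, as an added sketch in Python: it is not part of the original messages and is not Seaside's WASessionProtector code. The class, method names and addresses are hypothetical and constructed for illustration.

```python
import secrets


class IPBoundSessions:
    """Hypothetical store: pins each session key to its first peer address."""

    def __init__(self):
        self._sessions = {}  # key -> {"ip": first peer address, "state": dict}

    def create(self):
        key = secrets.token_urlsafe(16)  # the key that ends up in the URL
        self._sessions[key] = {"ip": None, "state": {}}
        return key

    def handle(self, key, peer_ip):
        """Return (status, state) for a request carrying `key`.

        peer_ip must be the socket peer address, not a client-supplied
        header, otherwise the check can be bypassed by the requester.
        """
        session = self._sessions.get(key)
        if session is None:
            return 404, None
        if session["ip"] is None:
            session["ip"] = peer_ip   # first request: remember the origin
        elif session["ip"] != peer_ip:
            return 403, None          # same link, different host: refuse
        return 200, session["state"]


def demo():
    """Constructed requests using documentation-range addresses."""
    store = IPBoundSessions()
    key = store.create()
    return [
        store.handle(key, "192.0.2.10")[0],    # owner, first request
        store.handle(key, "192.0.2.10")[0],    # owner, later request
        store.handle(key, "198.51.100.7")[0],  # link opened elsewhere
        # A second user behind the same NAT or proxy presents the same
        # address and passes, which is why this is not absolute security.
        store.handle(key, "192.0.2.10")[0],
    ]


if __name__ == "__main__":
    print(demo())
```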