[Seaside] Security

Davorin Rusevljan davorin.rusevljan at gmail.com
Sun May 3 09:53:35 UTC 2009

On 5/2/09, Ross Boylan <RossBoylan at stanfordalumni.org> wrote:
> If I have data that I want to be sure can only be seen by specific
>  users, is there a way to do that in Seaside?
>  All the previous discussion I've seen on this list concerns session
>  security.  While that is necessary, it is not sufficient.  My concern is
>  more that someone with a legitimate session could use it to get at
>  something unauthorized.
>  I understand I can write my app to only show the right things; can a
>  determined client get around that?

As far as I can see, you would need to take care not to display it to
him as a result of your programming error, and to prevent him from
executing Smalltalk code.

If information is sensitive, you might use some of the tricks of
trenslucent databases:



>  Ross Boylan
>  _______________________________________________
>  seaside mailing list
>  seaside at lists.squeakfoundation.org
>  http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

More information about the seaside mailing list