[Seaside] Security

Ross Boylan RossBoylan at stanfordalumni.org
Sun May 3 22:35:49 UTC 2009


On Sun, 2009-05-03 at 12:42 -0600, Nevin Pratt wrote:
> For your app, I'd consider making your entire site use SSL, and I'd
> consider requiring cookies.  I'd also consider configuring Seaside for
> using cookies for the session key, plus use a secondary cookie for
> additional "branding" of your login/logout process.
I think also I'd want to add the wrapper that only permits sessions to
use the original IP address.

Are there any hidden problems that may turn up with clients that are
NAT'd or using a proxy?  I suppose a multi-homed client (more likely a
proxy) might randomly start using a different IP address.

I wasn't familiar with branding, but with Google's help I understand.
Thanks for mentioning it.

Thanks to everyone who responded.

Ross
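
Added example (not part of the original message, and not Seaside's own wrapper): the IP-pinning check discussed above, run over constructed requests to show which NAT and proxy cases it rejects or lets through. The function names, the `strict`/`relaxed` policies and the /24 and /64 prefixes are assumptions for illustration.

```python
import ipaddress

# Prefix lengths for the relaxed policy are assumptions, not Seaside settings.
RELAXED_PREFIX = {4: 24, 6: 64}


def same_network(a: str, b: str) -> bool:
    """True if both addresses fall in the same /24 (IPv4) or /64 (IPv6)."""
    ip_a, ip_b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ip_a.version != ip_b.version:
        return False
    net = ipaddress.ip_network(f"{a}/{RELAXED_PREFIX[ip_a.version]}", strict=False)
    return ip_b in net


def check(bound_ip: str, remote_ip: str, policy: str = "strict") -> bool:
    """Accept a request only if its source matches the address the session was bound to."""
    if policy == "strict":
        return ipaddress.ip_address(remote_ip) == ipaddress.ip_address(bound_ip)
    if policy == "relaxed":
        return same_network(bound_ip, remote_ip)
    raise ValueError(f"unknown policy: {policy}")


# Constructed traffic (RFC 5737 documentation addresses): bound address, then requests.
SCENARIOS = {
    # Legitimate user whose proxy pool egresses from two addresses in one /24.
    "proxy_pool_same_net": ("192.0.2.10", ["192.0.2.10", "192.0.2.11", "192.0.2.10"]),
    # Legitimate multi-homed proxy that switches to an unrelated uplink.
    "multi_homed": ("198.51.100.7", ["198.51.100.7", "203.0.113.7"]),
    # Session key presented by a second host behind the same NAT gateway.
    "shared_nat_replay": ("203.0.113.50", ["203.0.113.50", "203.0.113.50"]),
}


def rejected_requests(policy: str) -> dict:
    """Number of requests each scenario loses under the given policy."""
    out = {}
    for name, (bound, requests) in SCENARIOS.items():
        out[name] = sum(not check(bound, ip, policy) for ip in requests)
    return out


if __name__ == "__main__":
    for policy in ("strict", "relaxed"):
        print(policy, rejected_requests(policy))
```

Under `strict` the proxy-pool user loses a request mid-session; under either policy the second host behind the shared NAT gateway is accepted, because both hosts present the same address.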


