[Seaside] Security

Ross Boylan RossBoylan at stanfordalumni.org
Sun May 3 22:35:49 UTC 2009

On Sun, 2009-05-03 at 12:42 -0600, Nevin Pratt wrote:
> For your app, I'd consider making your entire site use SSL, and I'd
> consider requiring cookies.  I'd also consider configuring Seaside for
> using cookies for the session key, plus use a secondary cookie for
> additional "branding" of your login/logout process.
I think also I'd want to add the wrapper that only permits sessions to
use the original IP address.

Are there any hidden problems that my turn up with clients that are
NAT'd or using a proxy?  I suppose a multi-homed client (more likely a
proxy) might randomly start using a different IP address.

I wasn't familiar with branding, but with Google's help I understand.
Thanks for mentioning it.

Thanks to everyone who responded.


More information about the seaside mailing list