[Seaside] Seaside Security (was: Seaside playground)

[Torsten Bergmann]

The old seaside 2.8 made it easy to switch to deploymentMode
using an application preference.

Since this is not supported in 3.0 it is often the question
how to disable developer facilities...

However - in old seaside app's it was often easily possible
to check for http://yourhost/seaside/browse and use the 
web based Smalltalk browser (which is also accessible when 
halos are enabled) and change the code in an existing 
#renderContentOn: method adding some "trojan" code.

Only a browser refresh was required to execute it ...

I would vote for an easy way to switch between dev-mode
and a more secure production mode so people use it.
And an extra chapter on it in the seaside book!
 
Bye
T.
-- 
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01