[Seaside] Seaside Security (was: Seaside playground)
astares at gmx.de
Wed Jan 13 13:26:25 UTC 2010
The old seaside 2.8 made it easy to switch to deploymentMode
using an application preference.
Since this is not supported in 3.0 it is often the question
how to disable developer facilities...
However - in old seaside app's it was often easily possible
to check for http://yourhost/seaside/browse and use the
web based Smalltalk browser (which is also accessible when
halos are enabled) and change the code in an existing
#renderContentOn: method adding some "trojan" code.
Only a browser refresh was required to execute it ...
I would vote for an easy way to switch between dev-mode
and a more secure production mode so people use it.
And an extra chapter on it in the seaside book!
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
More information about the seaside