[Seaside] Security
Davorin Rusevljan
davorin.rusevljan at gmail.com
Sun May 3 09:53:35 UTC 2009
On 5/2/09, Ross Boylan <RossBoylan at stanfordalumni.org> wrote:
> If I have data that I want to be sure can only be seen by specific
> users, is there a way to do that in Seaside?
>
> All the previous discussion I've seen on this list concerns session
> security. While that is necessary, it is not sufficient. My concern is
> more that someone with a legitimate session could use it to get at
> something unauthorized.
>
> I understand I can write my app to only show the right things; can a
> determined client get around that?
As far as I can see, you would need to take care not to display it to
him as a result of your programming error, and to prevent him from
executing Smalltalk code.
If information is sensitive, you might use some of the tricks of
translucent databases:
http://www.oreillynet.com/pub/a/network/2002/08/02/simson.html
http://www.wayner.org/books/td/
rush
http://www.cloud208.com/
>
> Ross Boylan