Sample Code, quick simple openid auth
Bluebie, Jenna
blueberry at creativepony.com
Tue May 20 09:20:49 EDT 2008
How does encrypting them make any difference against steal-ability?
Wouldn't putting the IP address of the user be more to the point?
Though that would lock out many users from ISPs using proxies.
I'm certainly aware of XSS issues and even posted a simple way of
blocking them in camping controllers which you'll find 3 replies ago.
Encrypting cookies won't change that issue one bit.
On 20/05/2008, at 7:01 PM, Magnus Holm wrote:
> Cookies can be stolen. I'm protecting you against yourself :-P
>
> 2008/5/20, Bluebie, Jenna <blueberry at creativepony.com>:
>> Sure, but if you're building an app that keeps secrets about me from
>> me, I'd rather not use it, thank you.
>>
>>
>> On 20/05/2008, at 6:01 PM, Magnus Holm wrote:
>>
>>> Everyone can read their session, though. I can post an example which
>>> encrypts everything (don't expect it to be super-fast).
>>>
>>> On Tue, May 20, 2008 at 7:30 AM, Bluebie, Jenna
>>> <blueberry at creativepony.com> wrote:
>>> Also, here's a simple way to stop XSS dead!
>>> http://code.whytheluckystiff.net/camping/wiki/XssBeGoneWithSessions
>>>
>>> —
>>> Jenna "is hoping all this will earn her some oats!" Fox
>>>
>>> _______________________________________________
>>> Camping-list mailing list
>>> Camping-list at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/camping-list
>>>
>>>
>>>
>>> --
>>> Magnus Holm
>>
>>
>
>
> --
> Magnus Holm
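The trade-off argued in this thread, as an added example that is not part of the original messages or of Camping: an encrypted session cookie is still accepted when replayed from another client, while binding it to the client IP rejects the replay but also rejects the legitimate user whose proxy address changes. The key, the IP addresses, the `session|` label and the function names `seal_session`, `open_session` and `replay_outcomes` are all constructed for illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed key for the example; a real app would load a random secret from config.
KEY = OpenSSL::Digest::SHA256.digest("constructed-demo-secret")

# Encrypt the session with AES-256-GCM. The client IP (if any) is bound in as
# associated data, so decryption only succeeds for a request from that address.
def seal_session(session, bind_ip: nil)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = KEY
  iv = cipher.random_iv
  cipher.auth_data = "session|#{bind_ip}"
  ct = cipher.update(JSON.generate(session)) + cipher.final
  Base64.urlsafe_encode64(iv + cipher.auth_tag + ct)
end

# Returns the session hash, or nil if the cookie does not authenticate.
def open_session(cookie, request_ip: nil)
  raw = Base64.urlsafe_decode64(cookie)
  return nil if raw.bytesize < 28            # 12-byte IV + 16-byte tag
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = KEY
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  cipher.auth_data = "session|#{request_ip}"
  JSON.parse(cipher.update(raw[28..-1]) + cipher.final)
rescue OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError
  nil
end

# Constructed scenario: one cookie, presented from different addresses.
def replay_outcomes
  session   = { "user" => "jenna" }
  encrypted = seal_session(session)
  ip_bound  = seal_session(session, bind_ip: "203.0.113.7")
  {
    stolen_encrypted: !open_session(encrypted).nil?,
    stolen_ip_bound:  !open_session(ip_bound, request_ip: "198.51.100.9").nil?,
    owner_same_ip:    !open_session(ip_bound, request_ip: "203.0.113.7").nil?,
    owner_new_proxy:  !open_session(ip_bound, request_ip: "203.0.113.8").nil?
  }
end

p replay_outcomes if __FILE__ == $PROGRAM_NAME
```

Each value in the returned hash says whether the server accepted the cookie for that request.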