How does encrypting them make any difference against steal-ability? Wouldn't putting the IP address of the user be more to the point? Though that would lock out many users from ISPs using proxies.

I'm certainly aware of XSS issues and even posted a simple way of blocking them in camping controllers which you'll find 3 replies ago.

Encrypting cookies won't change that issue one bit.


On 20/05/2008, at 7:01 PM, Magnus Holm wrote:

Cookies can be stolen. I'm protecting you against yourself :-P

2008/5/20, Bluebie, Jenna <[EMAIL PROTECTED]>:
Sure, but if you're building an app that keeps secrets about me from
me, I'd rather not use it, thank you.


On 20/05/2008, at 6:01 PM, Magnus Holm wrote:

Everyone can read their session, though. I can post an example which
encrypts everything (don't expect it to be super-fast).

On Tue, May 20, 2008 at 7:30 AM, Bluebie, Jenna <[EMAIL PROTECTED]> wrote:
Also, here's a simple way to stop XSS dead!
http://code.whytheluckystiff.net/camping/wiki/XssBeGoneWithSessions

—
Jenna "is hoping all this will earn her some oats!" Fox

_______________________________________________
Camping-list mailing list
Camping-list@rubyforge.org
http://rubyforge.org/mailman/listinfo/camping-list



--
Magnus Holm




--
Magnus Holm