Just to be clear, the issue I was referring to was to not trust the data sent by the client.

I.e. if you are allowing the user to access an object in the database, and not enforcing any restrictions other than client side UI, then this is bad.

This topic spreads wayyyyyyyy long cookies and sessions lol.

On 09/05/2011 22:12, Greg Donald wrote:
> On Mon, May 9, 2011 at 8:15 AM, Brian Bouterse <[email protected]> wrote:
>> In the name of not trusting any data coming from the client, one way that
>> IBM uses often is called continuations.
>
> I thought they were called cookies?
>
>> Basically you keep all data on the
>> server, and only give the client an identifier of that data.
>
> Yeah, sounds exactly like a session-based cookie.
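
The two points in this thread (keep the state on the server and hand the client only an identifier; enforce object access on the server rather than in the UI) can be sketched together. This is an added example, not part of the original messages and not Django's own code; the store, function names and sample rows are hypothetical and constructed for illustration.

```python
import secrets

# Constructed sample data standing in for database rows.
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's invoice"},
    2: {"owner": "bob", "body": "bob's invoice"},
}

# Server-side session store: the client only ever holds the opaque key.
SESSIONS = {}


def login(username):
    """Create a session and return the identifier to set as the cookie."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username}
    return session_id


def get_document(cookies, params):
    """Return (status, body) for a request; names here are hypothetical.

    `cookies` and `params` are both client-controlled. The only things taken
    from them are the session identifier and the requested object id; who
    the caller is comes from server-side state.
    """
    session = SESSIONS.get(cookies.get("sessionid", ""))
    if session is None:
        return 401, "not logged in"
    try:
        doc_id = int(params.get("id", ""))
    except ValueError:
        return 400, "bad id"
    doc = DOCUMENTS.get(doc_id)
    # Same response for "missing" and "not yours" so ids cannot be probed.
    if doc is None or doc["owner"] != session["user"]:
        return 404, "not found"
    return 200, doc["body"]


if __name__ == "__main__":
    sid = login("alice")
    print(get_document({"sessionid": sid}, {"id": "1"}))
    # A client-supplied "user" parameter is ignored; ownership is checked
    # against the server-side session.
    print(get_document({"sessionid": sid}, {"id": "2", "user": "bob"}))
```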


