On Thu, Oct 22, 2009 at 4:54 PM, Randinn <rand...@gmail.com> wrote:

>
> I've been pondering this for some time, could an actor be used as a
> cookie,


No


> if so would that render the stealing attack mote?
>
> >    7. Lift uses the container's session management (usually JSESSIONID)
> for
> >    session management.  As far as I know, Jetty, Tomcat, Glassfish are
> secure
> >    in terms of the way they deal with sessions.  Of course, anything
> that's not
> >    over SSL is vulnerable to a cookie stealing attack.
>
> >
>


-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to 
liftweb+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to