> > I was wondering about unleashing the following tutorial on the LPW this > weekend to get feedback. I have lost all objectivity on it, so I appeal > to the regulars to point out the most problematic areas. > > https://github.com/duffee/Mojolicious_session_example > > All comments welcome, from Great! to For the Love of All, Don't Do This! >
I could only take a quick look, but i think some of the login code might be insecure. https://github.com/duffee/Mojolicious_session_example/blob/master/ldap/lib/LDAP/Controller/Secure.pm#L43-L52 That should return a false value after the $self->render call to break the dispatch chain. -- sebastian -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
