Walter Davis wrote in post #1013792:
> The only way we have determined that this is possible is with physical
> access to the computer.
>

Are you saying that the malicious user can only gain access to the user's account while using the user's computer? Or, is it true that once the malicious user has a copy of the cookie, he can access the account from any computer?

> As in any security scheme, that pretty well
> trumps anything that doesn't rely on the user logging in every time,
> and time-limited sessions.
>

I wasn't critiquing rails, I was trying to understand why the author of the book said the persistent session was impervious to attack--after himself raising the specter of a malicious user gaining access to the user's computer. His explanation didn't make sense to me.

--
Posted via http://www.ruby-forum.com/.

