[Lift] Re: Security Explained

2009-10-23 Thread aw
Thank you for this, and so quickly! I was able to leverage this for what I needed.

[Lift] Re: Security Explained

2009-10-22 Thread David Pollak
On Thu, Oct 22, 2009 at 4:54 PM, Randinn wrote: > > I've been pondering this for some time, could an actor be used as a > cookie, No > if so would that render the stealing attack moot? > > >7. Lift uses the container's session management (usually JSESSIONID) > for > >session managemen

[Lift] Re: Security Explained

2009-10-22 Thread Randinn
I've been pondering this for some time, could an actor be used as a cookie, if so would that render the stealing attack moot? >    7. Lift uses the container's session management (usually JSESSIONID) for >    session management.  As far as I know, Jetty, Tomcat, Glassfish are secure >    in terms

[Lift] Re: Security Explained

2009-10-22 Thread David Pollak
On Thu, Oct 22, 2009 at 10:49 AM, aw wrote: > > My company is looking for an explanation of how Lift is secure. > > I recall reading a comment saying that Lift deals well with most of > the Top 10 OWASP vulnerabilities (http://www.owasp.org/index.php/ > Top_10_2007

[Lift] Re: security

2009-06-16 Thread James Matlik
This looks to be a very significant selling point for Lift. I realize there are some high level comments about Lift being designed for security, but I haven't seen any details explaining what measures have been put in place to qualify those statements. This is a prime example of what should be pu

[Lift] Re: security

2009-06-13 Thread David Pollak
On Wed, Jun 10, 2009 at 4:45 PM, Oliver Lambert wrote: > > > On Wed, Jun 10, 2009 at 11:58 PM, David Pollak < > feeder.of.the.be...@gmail.com> wrote: > >> >> >> On Tue, Jun 9, 2009 at 11:39 PM, marius d. wrote: >> >>> >>> Hi, >>> >>> For most apps canonicalization is not really necessary as the

[Lift] Re: security

2009-06-11 Thread marius d.
On Jun 11, 2:45 am, Oliver Lambert wrote: > On Wed, Jun 10, 2009 at 11:58 PM, David Pollak < > > > > feeder.of.the.be...@gmail.com> wrote: > > > On Tue, Jun 9, 2009 at 11:39 PM, marius d. wrote: > > >> Hi, > > >> For most apps canonicalization is not really necessary as the > >> character stre

[Lift] Re: security

2009-06-10 Thread Oliver Lambert
On Wed, Jun 10, 2009 at 11:58 PM, David Pollak < feeder.of.the.be...@gmail.com> wrote: > > > On Tue, Jun 9, 2009 at 11:39 PM, marius d. wrote: > >> >> Hi, >> >> For most apps canonicalization is not really necessary as the >> character stream for form-url-encoded is UTF-8 by default as Lift uses

[Lift] Re: security

2009-06-10 Thread David Pollak
On Tue, Jun 9, 2009 at 11:39 PM, marius d. wrote: > > Hi, > > For most apps canonicalization is not really necessary as the > character stream for form-url-encoded is UTF-8 by default as Lift uses > UTF-8 by default. Oh and the conversion from URL encoding to plain > UTF-8 content is really done

[Lift] Re: security

2009-06-09 Thread marius d.
Oh and about XSS Lift is safe by default. Marius On Jun 10, 9:39 am, "marius d." wrote: > Hi, > > For most apps canonicalization is not really necessary as the > character stream for form-url-encoded is UTF-8 by default as Lift uses > UTF-8 by default. Oh and the conversion from URL encoding t

[Lift] Re: security

2009-06-09 Thread marius d.
Hi, For most apps canonicalization is not really necessary as the character stream for form-url-encoded is UTF-8 by default as Lift uses UTF-8 by default. Oh and the conversion from URL encoding to plain UTF-8 content is really done by container and when we get the params from the request object