Re: Camping 2.0 - What's left?

2008-05-25 Thread Bluebie, Jenna
I forgot to mention though, the signing just stops users from changing the session data without the server knowing, it doesn't stop them from reading it. Any data in the session when using the cookie sessions store only needs to be base64 decoded and unmarshaled with ruby to find out

Re: Rack, Camping 2.0++

2008-05-25 Thread Christian Neukirchen
Magnus Holm [EMAIL PROTECTED] writes: I've just finished rewriting Camping to use Rack in the core. I got rid of (a little less) than 1kB in camping.rb and removed lots of un-necessary files (lib/server/*.rb, fastcgi.rb mongrel.rb). Yay! Please tell me when rack/adapters/camping.rb can be

Re: Rack, Camping 2.0++

2008-05-25 Thread zimbatm
Just wanted to comment a bit more : 2008/5/21 Magnus Holm [EMAIL PROTECTED]: I've just finished rewriting Camping to use Rack in the core. I got rid of (a little less) than 1kB in camping.rb and removed lots of un-necessary files (lib/server/*.rb, fastcgi.rb mongrel.rb). This is good ! I

Re: Camping 2.0 - What's left?

2008-05-25 Thread Julian Tarkhanov
On 25 mei 2008, at 00:25, Magnus Holm wrote: * insert your wish * Are deeply nested query arguments and tricky bits like checkbox arrays/param arrays handled properly (and in a Camping-compatible manner, AFAIK in Camping the first parameter wins as opposed to Rails) by Rack? What happens

Re: Camping 2.0 - What's left?

2008-05-25 Thread Magnus Holm
On Sun, May 25, 2008 at 4:25 PM, Julian Tarkhanov [EMAIL PROTECTED] wrote: On 25 mei 2008, at 00:25, Magnus Holm wrote: * insert your wish * Are deeply nested query arguments and tricky bits like checkbox arrays/param arrays handled properly (and in a Camping-compatible manner, AFAIK in

Re: Camping 2.0 - What's left?

2008-05-25 Thread Aria Stewart
On Sat, 2008-05-24 at 22:43 -0500, _why wrote: On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote: * The cookie session is named Camping::Session and is placed in camping/session.rb. Maybe this should be called Camping::CookieSession or??? You know, these cookie sessions seem like

Re: Rack, Camping 2.0++

2008-05-25 Thread _why
On Sun, May 25, 2008 at 02:47:39PM +0200, zimbatm wrote: This is not that hard to do. Maybe I should add some shortening tricks document. I propose platterizing to be done only before release. No, let's not have rules. I don't feel comfortable with having coding standards or any protocol on

Re: Camping 2.0 - What's left?

2008-05-25 Thread _why
On Sun, May 25, 2008 at 02:45:15PM +0200, Magnus Holm wrote: You're absolutely right. Not anymore, though. I fixed in my cs-branch. Now it will save the data in three cookies: camping_blob, camping_hash and camping_time. The secure_blob_hasher includes the remote IP and the user agent, and it

Re: Rack, Camping 2.0++

2008-05-25 Thread zimbatm
2008/5/26 _why [EMAIL PROTECTED]: On Sun, May 25, 2008 at 02:47:39PM +0200, zimbatm wrote: This is not that hard to do. Maybe I should add some shortening tricks document. I propose platterizing to be done only before release. No, let's not have rules. I don't feel comfortable with having

Re: Camping 2.0 - What's left?

2008-05-25 Thread AnĂ­bal Rojas
Agreed all the previous stuff... The reason nobody can ever spoof a session is that they can never generate the needed hash because they don't have the @@state_secret piece of text needed to do so, hopefully! This presents a challenge for open source. We really need to raise an error if