Thank you for this, and so quickly! I was able to leverage this for
what I needed.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Lift group.
To post to this group, send email to liftweb@googlegroups.com
To
On Thu, Oct 22, 2009 at 10:49 AM, aw anth...@whitford.com wrote:
My company is looking for an explanation of how Lift is secure.
I recall reading a comment saying that Lift deals well with most of
the Top 10 OWASP vulnerabilities (http://www.owasp.org/index.php/
Top_10_2007
I've been pondering this for some time, could an actor be used as a
cookie, if so would that render the stealing attack mote?
7. Lift uses the container's session management (usually JSESSIONID) for
session management. As far as I know, Jetty, Tomcat, Glassfish are secure
in terms
On Thu, Oct 22, 2009 at 4:54 PM, Randinn rand...@gmail.com wrote:
I've been pondering this for some time, could an actor be used as a
cookie,
No
if so would that render the stealing attack mote?
7. Lift uses the container's session management (usually JSESSIONID)
for
session
This looks to be a very significant selling point for Lift. I realize there
are some high level comments about Lift being designed for security, but I
haven't seen any details explaining what measures have been put in place to
qualify those statements. This is a prime example of what should be
On Wed, Jun 10, 2009 at 4:45 PM, Oliver Lambert olambo...@gmail.com wrote:
On Wed, Jun 10, 2009 at 11:58 PM, David Pollak
feeder.of.the.be...@gmail.com wrote:
On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.comwrote:
Hi,
For most apps cannonicalization is not really
On Jun 11, 2:45 am, Oliver Lambert olambo...@gmail.com wrote:
On Wed, Jun 10, 2009 at 11:58 PM, David Pollak
feeder.of.the.be...@gmail.com wrote:
On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.comwrote:
Hi,
For most apps cannonicalization is not really necessary
Hi,
For most apps cannonicalization is not really necessary as the
character stream for form-url-encoded is UTF-8 by default as Lift uses
UTF-8 by default. Oh and the conversion from URL encoding to plain
UTF-8 content is really done by container and when we get the params
from the request
Oh and about XSS Lift is safe by default.
Marius
On Jun 10, 9:39 am, marius d. marius.dan...@gmail.com wrote:
Hi,
For most apps cannonicalization is not really necessary as the
character stream for form-url-encoded is UTF-8 by default as Lift uses
UTF-8 by default. Oh and the conversion
On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.com wrote:
Hi,
For most apps cannonicalization is not really necessary as the
character stream for form-url-encoded is UTF-8 by default as Lift uses
UTF-8 by default. Oh and the conversion from URL encoding to plain
UTF-8
On Wed, Jun 10, 2009 at 11:58 PM, David Pollak
feeder.of.the.be...@gmail.com wrote:
On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.comwrote:
Hi,
For most apps cannonicalization is not really necessary as the
character stream for form-url-encoded is UTF-8 by default as
11 matches
Mail list logo