[Lift] Re: Security Explained

2009-10-23 Thread aw
Thank you for this, and so quickly! I was able to leverage this for what I needed. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To

[Lift] Re: Security Explained

2009-10-22 Thread David Pollak
On Thu, Oct 22, 2009 at 10:49 AM, aw anth...@whitford.com wrote: My company is looking for an explanation of how Lift is secure. I recall reading a comment saying that Lift deals well with most of the Top 10 OWASP vulnerabilities (http://www.owasp.org/index.php/ Top_10_2007

[Lift] Re: Security Explained

2009-10-22 Thread Randinn
I've been pondering this for some time, could an actor be used as a cookie, if so would that render the stealing attack mote?    7. Lift uses the container's session management (usually JSESSIONID) for    session management.  As far as I know, Jetty, Tomcat, Glassfish are secure    in terms

[Lift] Re: Security Explained

2009-10-22 Thread David Pollak
On Thu, Oct 22, 2009 at 4:54 PM, Randinn rand...@gmail.com wrote: I've been pondering this for some time, could an actor be used as a cookie, No if so would that render the stealing attack mote? 7. Lift uses the container's session management (usually JSESSIONID) for session