[Webware-discuss] Created Mandrake RPM for Webware 0.8.1

2004-12-22 Thread CLIFFORD ILKAY
Hi, I packaged Webware 0.8.1 as a Mandrake RPM for my own use. I still have a few things to do in order to make it robust enough to submit it to Mandrake but at least I can install and remove the core RPM without any trouble. Mandrake convention is to separate the doc and devel RPMs from the co

Re: [Webware-discuss] XML-RPC in browsers

2004-12-22 Thread CLIFFORD ILKAY
On Thursday 02 December 2004 11:28, Michael wrote: > Hi all, > > For a more complex web app, I'm considering options for remote scripting > without page reload. > I know there is XMLRPCServlet. Has anyone been using that with a > JavaScript client? If so, what was your experience? Hi Michael, I

Re: [Webware-discuss] New CVS Application.py cookies-path session problem

2004-12-22 Thread zunzun
On Wed, Dec 22, 2004 at 01:42:47PM -0500, Geoffrey Talvola wrote: > [EMAIL PROTECTED] wrote: > > On Wed, Dec 22, 2004 at 10:17:08AM -0500, Geoffrey Talvola wrote: > >> I have added a new setting into CVS "UseCookieSessions" that you can > >> set to False to prevent cookies from being used for sessi

Re: [Webware-discuss] New CVS Application.py cookies-path session problem

2004-12-22 Thread zunzun
On Wed, Dec 22, 2004 at 10:17:08AM -0500, Geoffrey Talvola wrote: > I have added a new setting into CVS "UseCookieSessions" that you can set to > False to prevent cookies from being used for sessions at all. This should > give you the behavior you're looking for. You'll need to update > HTTPRespo

RE: [Webware-discuss] Session Riding

2004-12-22 Thread Geoffrey Talvola
Frank Barknecht wrote: > Hi, > > maybe you have already seen this on some news sites, but this > document on "Session Riding" [1] IMO discusses a very important > security issue with web based applications like you all probably > develop with Webware, too, and it shines new light on the Cookie vs

RE: [Webware-discuss] New CVS Application.py cookies-path session problem

2004-12-22 Thread Geoffrey Talvola
[EMAIL PROTECTED] wrote: > On Tue, Dec 21, 2004 at 04:31:50PM -0500, Geoffrey Talvola wrote: >> I also checked in a new HTTPRequest.py in addition to Application.py. > > Hmm, even though I have UseAutomaticPathSessions set to true > in Application.config I see a session cookie. So the new > code

Re: [Webware-discuss] New CVS Application.py cookies-path session problem

2004-12-22 Thread zunzun
On Tue, Dec 21, 2004 at 04:31:50PM -0500, Geoffrey Talvola wrote: > I also checked in a new HTTPRequest.py in addition to Application.py. Hmm, even though I have UseAutomaticPathSessions set to true in Application.config I see a session cookie. So the new code sees both a session path and a sessi

Re: [Webware-discuss] Session Riding

2004-12-22 Thread Max Ischenko
Enrique Arizón wrote: Of course, I send it back and for embedded in the form as a hidden input field, so I can't imagine a general way to use it in Webware (or any other framework) Yeah. Though, if this scheme is used in HTML forms only and application uses some form-management tool like FormKit o

Re: Re: [Webware-discuss] Session Riding

2004-12-22 Thread Enrique Arizón
> I assume you attach this number to the urls in the > final HTML response? > Passing it back as cookie is useless, AFAIS. > Of course, I send it back and for embedded in the form as a hidden input field, so I can't imagine a general way to use it in Webware (or any other framework) Regards!

Re: [Webware-discuss] Session Riding

2004-12-22 Thread Max Ischenko
Enrique Arizón wrote: I use "sequence numbers" to avoid the problem. It's basically a similar solution to the "secrets" mentioned in the article. An increasing integer number is sent back to client with every request. The client must put it back to the server with each new request. It has the added

Re: [Webware-discuss] Session Riding

2004-12-22 Thread Enrique Arizón
I use "sequence numbers" to avoid the problem. It's basically a similar solution to the "secrets" mentioned in the article. An increasing integer number is sent back to client with every request. The client must put it back to the server with each new request. It has the added advantage (that was r