I don't know. It seems like everyone is treating this client state problem as if it's a new security risk that isn't already there, unless I'm missing something. People are currently allowed to specify whether they want client or session based state management for any given property right?
Does anyone know how any other framework handles these security concerns? Are we inventing problems that no one else is even addressing or ?.... I'm not as knowledgable in this area, so it would be interesting to know if anyone out there knows what the right way to do this is.. jesse On 11/28/05, Leonardo Quijano Vincenzi <[EMAIL PROTECTED]> wrote: > > Jesse Kuhnert wrote: > > 1) Provide a system/hivemind/whatever configurable property that > specifies > > the sort of encrytion scheme you'd like to use on these states...Could > be > > none/base64/blowfish/md5/sha/etc....Then only people who need it have to > > take the performance hit. > > > hmmm I don't think basic security is an optional parameter. Remember > that 80% of developers don't really take the time to learn a framework. > A lot will just copy & paste some code and be on their way. That's kinda > scary when you think about it. > > -- > Ing. Leonardo Quijano Vincenzi > DTQ Software > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
