I don't see where cookies compared to URL based sessions have any
security related advantage. Au contraire, they are much more likely
compromised through shared links (ultimately, one can of course share
cookies as well. Just not by simple cnp).
AFAIK there is no built-in way to make URL based sessions work. So if
you insist on them, you'll need to whip up something yourself.
You need to write something for repoze.what that identifies a user
based on the get-string. You also need to enhance url_for to render
links with that session part. Or you post-process your pages. I think
that's what j2ee does.
All in all quite a bit of work to avoid cookies.
Btw, not sure what "enterprise level" is
supposed to mean - but it seems to be important in Java & co only....
Other people just write webapps. They might need to scale, but then
that's nothing to do with being "enterprisy" - Facebook is written in
PHP and YouTube in Python (partially at least), and both are much,
much larger than anything I wrote in my 6+ years of J2EE...
I hope you enjoy writing your app in TG - believe me, it's much more
fun than j2ee + consorts...
Diez
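
A sketch of the two pieces the reply above describes, identifying a user from the GET string and rendering links that carry the session, added here as an example; it is not part of the thread and not TurboGears or repoze.what code. The parameter name `sid`, the token layout and all function names are assumptions. It also shows the shared-link concern: any copied link identifies whoever opens it unless the session part is stripped first.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET = secrets.token_bytes(32)  # assumption: per-deployment signing key
PARAM = "sid"                     # assumption: query parameter carrying the session


def _mac(user_id: str, nonce: str) -> str:
    return hmac.new(SECRET, f"{user_id}.{nonce}".encode(), hashlib.sha256).hexdigest()


def new_token(user_id: str) -> str:
    """Return 'user.nonce.mac'; the MAC stops a client from editing the user part."""
    nonce = secrets.token_hex(8)
    return f"{user_id}.{nonce}.{_mac(user_id, nonce)}"


def identify(environ: dict):
    """Identify the user from the GET string of a WSGI environ, else None."""
    token = dict(parse_qsl(environ.get("QUERY_STRING", ""))).get(PARAM, "")
    try:
        user_id, nonce, mac = token.rsplit(".", 2)
    except ValueError:
        return None
    ok = hmac.compare_digest(mac.encode(), _mac(user_id, nonce).encode())
    return user_id if ok else None


def _rebuild(url: str, extra: list) -> str:
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != PARAM]
    return urlunsplit(parts._replace(query=urlencode(query + extra)))


def with_session(url: str, token: str) -> str:
    """What an enhanced url_for has to do: put the session on every link."""
    return _rebuild(url, [(PARAM, token)])


def without_session(url: str) -> str:
    """Strip the session before a URL is logged, shared or sent off-site."""
    return _rebuild(url, [])


if __name__ == "__main__":
    link = with_session("/wiki/page?rev=3", new_token("james"))
    # Anyone who receives the pasted link is identified as the same user.
    print(identify({"QUERY_STRING": urlsplit(link).query}))
    print(without_session(link))
```
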
On 23.04.2010 at 19:47, James Onyango <[email protected]> wrote:
Am pretty new to TurboGears and am trying to roll-out an enterprise
level application in it (wish me luck!). I have a strong ASP.NET, JavaEE
background. In both of these frameworks (for lack of a better word),
authentication can easily be configured to be cookieless. I've tried
out the default authentication system in TurboGears and am yet to be
convinced with its security level.
Additionally, I have failed to find a cookieless authentication
configuration option for this!
Any help in this regard and general tips on taking TurboGears to the
enterprise are welcome!
--
You received this message because you are subscribed to the Google
Groups "TurboGears" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.