Ok! Thank you!

On Apr 29, 9:20 am, Branko Vukelic <[email protected]> wrote:
> There is very little a malicious visitor could do (directly to your
> session data) unless your server gets hacked. Sessions are stored in
> your machine, and the only thing passed to user is the session ID. On
> the other hand, session IDs can be manipulated in any number of ways,
> but it's also very difficult to do so.
>
> Basically, there's nothing wrong with storing the username in the
> session store, but it's just much easier to store the user ID, since
> it simplifies extraction of user-related data from the database.
>
> Others will correct me if I err.
>
> On Thu, Apr 29, 2010 at 3:00 AM, Oskar <[email protected]> wrote:
> > Ok, but, uh, there isn't anything else I should know? Any security
> > pitfalls?
> >
> > On Apr 28, 9:56 am, yada <[email protected]> wrote:
> >> use uid, you can get other information from database by uid
> >>
> >> On Apr 28, 2010 1:36 AM, "Oskar" <[email protected]> wrote:
> >>
> >> Thank you!
> >>
> >> But, it seemed to me that storing the username in the session object
> >> is the most convenient way to know who the user is. If for example a
> >> user wants to update his contact info, then I want to know who the
> >> user is. What do you recommend for a situation like this? How should I
> >> go about knowing who the user is?
> >>
> >> On Apr 27, 12:31 pm, Anand Chitipothu <[email protected]> wrote:
> >>
> >> > 2010/4/27 Oskar <[email protected]>:
> >>
> >> > > I just wanted to add a couple of questions:
> >>
> >> > > Is it unwise to store the username and password ...
>
> --
> Branko Vukelić
>
> [email protected]
> [email protected]
>
> Check out my blog: http://www.brankovukelic.com/
> Check out my portfolio: http://www.flickr.com/photos/foxbunny/
> Registered Linux user #438078 (http://counter.li.org/)
> I hang out on identi.ca: http://identi.ca/foxbunny
-- You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/webpy?hl=en.
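
An added example, not part of the thread and not web.py's own session code: the arrangement discussed above (session data kept on the server, only a session ID sent to the browser, only the user ID stored in the session) sketched with the Python standard library. `SESSIONS`, `login`, `current_user`, `update_email`, `logout` and the `users` table are hypothetical names constructed for the illustration.

```python
import secrets
import sqlite3

# Constructed user table standing in for the application's database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
db.execute("INSERT INTO users VALUES (1, 'oskar', 'oskar@example.org')")

# Server-side session store: session ID -> session data. Hypothetical stand-in
# for a framework's session store (files, database table, ...).
SESSIONS = {}


def login(user_id):
    """Create a session once the password has been verified elsewhere.

    Only the user ID goes into the store; the password never does.
    Returns the session ID, the one value sent to the browser as a cookie.
    """
    sid = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    SESSIONS[sid] = {"user_id": user_id}
    return sid


def current_user(sid):
    """Resolve a cookie value to a user row, or None for unknown or forged IDs."""
    session = SESSIONS.get(sid) if isinstance(sid, str) else None
    if session is None:
        return None
    return db.execute(
        "SELECT id, username, email FROM users WHERE id = ?",
        (session["user_id"],),
    ).fetchone()  # None if the account was deleted after login


def update_email(sid, new_email):
    """Update contact info for the session's owner, never a client-supplied user."""
    user = current_user(sid)
    if user is None:
        return False
    db.execute("UPDATE users SET email = ? WHERE id = ?", (new_email, user[0]))
    return True


def logout(sid):
    """Drop the server-side record so the old cookie value stops resolving."""
    SESSIONS.pop(sid, None)
```

The identity used for the update comes from the server-side record, so a request cannot pick which user it acts on by sending a different username or ID in a form field.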
