On Sat, Oct 26, 2019 at 11:42:47AM +0200, pelzflorian (Florian Pelz) wrote:
> On Sat, Oct 26, 2019 at 10:04:14AM +0200, to...@tuxteam.de wrote:
> >I remember chosing an "early" spot at the URL to
> >leverage the browser's relative addressing, which
> >saves a lot of template substitutio
On Sat, Oct 26, 2019 at 10:04:14AM +0200, to...@tuxteam.de wrote:
>I remember chosing an "early" spot at the URL to
>leverage the browser's relative addressing, which
>saves a lot of template substitution in the pages.
>
So you encoded the session token not in the GET parameter, but s
On Thu, Oct 24, 2019 at 06:35:50PM +0200, Zelphir Kaltstahl wrote:
> Hi Tomas!
>
> Do you still remember some of the issues you came across when making
> such a shop?
As I said, it was a pretty simplistic thing:
- low volume (both customers and inventory)
- no interest whatsoever in SEO and ot
Mikael Djurfeldt 于 2019年10月25日周五 19:30写道:
> It would be nice to be able to run scheme code in the client:
>
> https://github.com/google/schism
>
> They mention "the Webassembly GC proposal". :)
>
> Maybe some day, the Guile compiler could emit WASM? That would mean
> supporting multiple VMs.
>
T
It would be nice to be able to run scheme code in the client:
https://github.com/google/schism
They mention "the Webassembly GC proposal". :)
Maybe some day, the Guile compiler could emit WASM? That would mean
supporting multiple VMs.
Mikael
Den tors 24 okt. 2019 18:16Nala Ginrut skrev:
> I'
On Fri, Oct 25, 2019 at 2:08 PM pelzflorian (Florian Pelz) <
pelzflor...@pelzflorian.de> wrote:
> On Fri, Oct 25, 2019 at 07:42:41AM +0800, Nala Ginrut wrote:
> > Yes, you need to login if you change IP, but the last IP keeps session.
>
> Does checking the IP enhance security in any way? There ar
On Fri, Oct 25, 2019 at 07:42:41AM +0800, Nala Ginrut wrote:
> Yes, you need to login if you change IP, but the last IP keeps session.
Does checking the IP enhance security in any way? There are some
(few) reasons IPs may change.
> BTW, encoding token in URL is bad for SEO.
>
That is interesti
Yes, you need to login if you change IP, but the last IP keeps session.
BTW, encoding token in URL is bad for SEO.
Zelphir Kaltstahl 于 2019年10月25日周五 01:44写道:
> Hi Nala!
>
> I have a question regarding this IP check.
>
> Does this mean that both, the IP address and (logical and) the cookie
> need
Hi Nala!
I have a question regarding this IP check.
Does this mean that both, the IP address and (logical and) the cookie
need to be correct, or is it an inclusive logical or?
I sometimes find myself switching location of the server of the VPN I am
using. In such a case, would I still be logged
Hi Tomas!
Do you still remember some of the issues you came across when making
such a shop?
If I am not mistaken, Racket's continuation based webserver does
something like this. It also stores state in the URL, which then looks a
bit strange. I think that state even encodes the continuation.
Reg
On Thu, Oct 24, 2019 at 11:03:07PM +0800, Nala Ginrut wrote:
> I've ever tried to write a site for our local community without any JS
> code, all auxiliary features include simple animation are implemented with
> CSS.
> However, I have to say it's painful to write a more complex site. I don't
> kno
I've ever tried to write a site for our local community without any JS
code, all auxiliary features include simple animation are implemented with
CSS.
However, I have to say it's painful to write a more complex site. I don't
know if there's any framework for that. I'm too lazy to write all things
m
On Thu, Oct 24, 2019 at 8:30 PM pelzflorian (Florian Pelz) <
pelzflor...@pelzflorian.de> wrote:
> Because of login CSRF the Referer header should also be verified for
> all links internal to the website (external links should strip the
> Referer header via redirect pages similar to what the code a
On Thu, Oct 24, 2019 at 11:35:52AM +0200, Amirouche Boubekki wrote:
> Le jeu. 24 oct. 2019 à 03:01, Nala Ginrut a écrit :
[...]
> Last time I checked the security requirements for web application that
> do not rely on JavaScript was too complicated. I preferred to forget
> about it.
>
> See
>
On Thu, Oct 24, 2019 at 11:35:52AM +0200, Amirouche Boubekki wrote:
> Last time I checked the security requirements for web application that
> do not rely on JavaScript was too complicated. I preferred to forget
> about it.
>
> See
> https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Reque
Le jeu. 24 oct. 2019 à 03:01, Nala Ginrut a écrit :
>
> Hi folks!
> Artanis has been using in product, that is to say, working stable and keep
> maintaining. Artanis aims for rapid development just like Ruby on Rails. So
> that you may try your different ideas quickly.
>
> If anyone is willing to
16 matches
Mail list logo
