to more than data of
> the compromised user.
>
> Massimo
>
> On Jul 31, 1:58 am, Armin Ronacher wrote:
>
> > Hi,
>
> > On Jul 31, 2:38 am, Scott wrote:
> > > I do not agree with item 1. Session data should never be stored
> > > client-sid
Hi,
On Jul 31, 2:38 am, Scott wrote:
> I do not agree with item 1. Session data should never be stored
> client-side as it opens a rather large attack vector.
Which attack vector exists for signed cookies with a signed timeout
compared to just session IDs in cookies? Both can be hijacked by a ma
Hi,
> True. But I would not call it a race condition. We timestamp
> everything with the time when a request arrives, not when it is
> processed, unless specified otherwise (datetime.now() instead of
> request.now)
True. But that does not make it a better idea. Also, datetime.now()
should be co
Hi,
Tired so just the most important parts first.
On Aug 2, 9:21 pm, mdipierro wrote:
> No there is not. Why do you think there is a race condition?
If the execution of the module takes longer than, say, a few minutes,
the timestamp would be off of course. Long running HTTP requests are
pretty c
Hi,
On Jul 30, 9:49 am, mdipierro wrote:
> Anyway. I just asked you a question and I could use a straight answer:
> do you consider yourself a web2py user?
No. Neither am I a repoze user yet I watch the development.
> I have one more. Which version of web2py are you running?
I'm not *running* a
Hi,
On Jul 30, 5:23 am, Massimo Di Pierro wrote:
> Armin (mitsuhiko),
>
> have you joined the web2py IRC because you are a web2py user or for
> the only purpose of discouraging new users?
If you do a /whois mitsuhiko you will find out that I'm in the IRC
channel of every Python framework and m